This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

error 80041f19 when installing Sophos AV on Windows 10 Pro

Hi,

There is some issue experienced by my Windows 10 users. Windows Defender is a default install of Windows 10. I cannot uninstall it and to my knowledge 3rd party AV software is supposed to leave Defender alone and just disable Defender's on-access scanning engine.

How do one install Sophos Central's endpoint on Windows 10 when the install cannot remove defender?

Here are some log entries, avremove.log:

22 Feb 2017 14:10:49 Info: Running OS: Microsoft Windows 8  [Version 6.02.9200]

22 Feb 2017 14:41:32 Failure: Removal of Microsoft Security Client version 4.5.x failed
22 Feb 2017 14:41:32 Failure: Return code 1603
22 Feb 2017 14:41:32 Info: Competitor Removal Tool exit code 16
22 Feb 2017 14:41:32 Info: AVRemove finished. 1 product found, 0 products removed. Report logged to : C:\WINDOWS\TEMP\avremove.log
Sophos Anti-Virus software detector - Version 2.12.0.38
Copyright (C) 2003-2017 Sophos Limited. All rights reserved.
Running OS: Microsoft Windows 8 [Version 6.02.9200]
Removing detected products...
AVRemove finished. 1 product found, 0 products removed. Report logged to : C:\WINDOWS\TEMP\avremove.log

 

Note: The "removal" tool thinks I'm running Windows 8 but in fact it is Windows 10 Pro.

MSI log:

Property(S): OutOfNoRbDiskSpace = 0
Property(S): PrimaryVolumeSpaceAvailable = 0
Property(S): PrimaryVolumeSpaceRequired = 0
Property(S): PrimaryVolumeSpaceRemaining = 0
Property(S): SOURCEDIR = c:\Windows\Installer\
Property(S): SourcedirProduct = {D9FCBAAE-DB72-488B-96D0-0AA3C892C0D6}
=== Logging stopped: 2017/02/22 14:41:31 ===
MSI (s) (D0:38) [14:41:31:701]: Note: 1: 1725
MSI (s) (D0:38) [14:41:31:730]: Product: Microsoft Security Client -- Removal failed.

MSI (s) (D0:38) [14:41:31:757]: Windows Installer removed the product. Product Name: Microsoft Security Client. Product Version: 4.8.0204.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Removal success or error status: 1603.

MSI (s) (D0:38) [14:41:31:788]: Deferring clean up of packages/files, if any exist
MSI (s) (D0:38) [14:41:31:811]: MainEngineThread is returning 1603
MSI (s) (D0:68) [14:41:31:844]: RESTART MANAGER: Session closed.
MSI (s) (D0:68) [14:41:31:868]: No System Restore sequence number for this installation.
MSI (s) (D0:68) [14:41:31:901]: User policy value 'DisableRollback' is 0
MSI (s) (D0:68) [14:41:31:940]: Machine policy value 'DisableRollback' is 0
MSI (s) (D0:68) [14:41:31:986]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (D0:68) [14:41:32:011]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (D0:68) [14:41:32:041]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (D0:68) [14:41:32:097]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (s) (D0:68) [14:41:32:167]: Destroying RemoteAPI object.
MSI (s) (D0:B8) [14:41:32:206]: Custom Action Manager thread ending.
MSI (c) (1C:30) [14:41:32:264]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (c) (1C:30) [14:41:32:324]: MainEngineThread is returning 1603
=== Verbose logging stopped: 2017/02/22 14:41:32 ===

This page is not really helpful at all:

community.sophos.com/.../125402



This thread was automatically locked due to age.
Parents
  • Do you find a MSI log created under: C:\windows\temp\, possibly %temp%, for the Microsoft Security Client uninstall?  It would be interesting to see what is in that.

    I assume it's MSI based?

    If it is MSI based but no MSI log for the removal, if you enable Windows Installer logging as per:

    https://support.microsoft.com/en-gb/help/223300/how-to-enable-windows-installer-logging

    I.e create:

    HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer
    Reg_SZ: Logging
    Value: voicewarmupx!

    Do you get a uninstall MSI log then?

    Before installing Sophos, you could try just running:

    "C:\Program Files\Microsoft Security Client\Setup.exe" /x /s

    The above should remove it silently so the Sophos CRT doesn't detect it.

    Regards,

    Jak

  • Hi Jak,

    I don't think it can be uninstalled. It is built into Windows. There are ways to disable it but not remove. 

    I did add the last bit from the Sophos MSI log.

    Danie

Reply Children