This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SAVXP failed to install (0x00000067)

Hello,

I have a problem with an endpoint client (Windows 7 x64). SEC tells me "Failed to install the SAVXP. MSI has failed (0x00000067)".

 

Here are the Sophos Anti-Virus Install and CustomActions Log - https://paste.ee/p/30png

 

I hope you can help me.

 

Thanks

Lars



This thread was automatically locked due to age.
Parents
  • Hi Illeadmin,

    From the logs:

    CAQuietExec: **** Warning: Publisher {788a31a2-9d77-4994-a1c5-6c3036f56141} is installed on the system. Only new values CAQuietExec: would be added. If you update previous settings MSI (s) (04:78) [14: 49: 55: 461]: Executing op: ActionStart (Name = CreateUserGroups ,,) CAQuietExec: want to uninstall the manifest first.

    Can you try replacing the below registry key from a working machine and try the installation again.

    \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{c91ef675-842f-4fcf-a5c9-6ea93f2e4f8b}

    If the installation still fails, can you collect the Procmon logs while the installation process?

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support

    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

Reply
  • Hi Illeadmin,

    From the logs:

    CAQuietExec: **** Warning: Publisher {788a31a2-9d77-4994-a1c5-6c3036f56141} is installed on the system. Only new values CAQuietExec: would be added. If you update previous settings MSI (s) (04:78) [14: 49: 55: 461]: Executing op: ActionStart (Name = CreateUserGroups ,,) CAQuietExec: want to uninstall the manifest first.

    Can you try replacing the below registry key from a working machine and try the installation again.

    \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{c91ef675-842f-4fcf-a5c9-6ea93f2e4f8b}

    If the installation still fails, can you collect the Procmon logs while the installation process?

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support

    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

Children
  • CreateUserGroups is the failing custom action as QC mentions: 

    2018-06-07 14:49:55 CreateUserGroups: Action started
    2018-06-07 14:49:55 CreateUserGroups: Unable to create local SophosUserGroup
    2018-06-07 14:49:55 CreateUserGroups: Unable to create local SophosPowerGroup
    2018-06-07 14:49:55 CreateUserGroups: Unable to create local SophosAdminGroup
    2018-06-07 14:49:55 CreateUserGroups: Unable to create local OnAccessGroup
    2018-06-07 14:49:55 CreateUserGroups: Unable to create add local group SIDs to machine file.
    2018-06-07 14:49:55 CreateUserGroups: Action failed

    Presumably the messages about: "Unable to create local SophosUserGroup" etc.. are OK, and this is just because the local groups already exist.  In which case the problem is probably:

    Unable to create add local group SIDs to machine file.

    ...otherwise why would it have gotten this far in the custom action.

    I've seen this before if the C:\ProgramData\Sophos\Sophos Anti-Virus\Config\machine.xml file is corrupt.  Can you check that?  It would make sense if it's trying to update the XML file.

    Regards,
    Jak

  • Hey Jak, 

    thanks for your help. That was exactly what needed to be done to get sophos back online and updated.

    Thanks 

    Lars