This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Problem on reinstalling antivirus on computer

Hello.

We have 2 endpoint servers (new and old). I've a problem with a computer (win10) on which I deleted all sophos components + reboot and reinstall from the share of the new server.

All components are well download from the server, but impossible that antivirus part install.

 

Trace(2019-May-14 11:54:29): PluginManager::RefreshPluginMap 471: SAVPlugin LoadLibrary (C:\Program Files (x86)\Sophos\Sophos Anti-Virus\DesktopMessaging.dll) failed A Windows API call returned error 126

I've tested all solution (desintall, clean registry, clean c:\programdata programfile and x86) add sophosxxxxx account to local admin on computer and noting work.

 

Please help me. I need really quick tu put this computer on.

 

Thanks



This thread was automatically locked due to age.
Parents
  • Hello stephane Bats,

    looks like the issue is with the DesktopMessaging.dll. I assume it's because the installation of SAVXP failed? If so, the Sophos Anti-Virus Major Install Log and perhaps the Sophos Anti-Virus Major CustomActions Log should have more information.

    Christian

  • 2019-05-14 13:55:12 Info: Detected version of SAV has major version number: 10
    2019-05-14 13:55:12 Info: Using Sophos updating modes (MSI: N, VDL: 2, IDE: 2)
    2019-05-14 13:55:12 GetProperty() - Unable to get product-type
    2019-05-14 13:55:12 Info: productType: 0
    2019-05-14 13:55:12 PROCESSOR_ARCHITECTURE environment variable is: AMD64
    2019-05-14 13:55:12 Info: Logging started: installing/upgrading Sophos Anti-Virus
    2019-05-14 13:55:12 Info: InstallFromPath is: C:\ProgramData\Sophos\AutoUpdate\cache\savxp\
    2019-05-14 13:55:12 Info: InstallToPath is:
    2019-05-14 13:55:12 Info: Detected version of SAV has major version number: 10
    2019-05-14 13:55:12 Info: Detected version of SAV has minor version number: 8
    2019-05-14 13:55:12 Info: registryInstallTo [overriding InstallToPath] is: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\
    2019-05-14 13:55:12 Checking for problem versions of SAVI - Install path:C:\Program Files (x86)\Sophos\Sophos Anti-Virus\
    2019-05-14 13:55:12 Veex.dll version '3.74.1.2432'
    2019-05-14 13:55:12 INFO: Checking the validity of the VDL manifest file.
    2019-05-14 13:55:14 INFO: The manifest file has been successfully validated.
    2019-05-14 13:55:14 INFO: Checking the validity of the AppFeed manifest file.
    2019-05-14 13:55:14 INFO: The manifest file has been successfully validated.
    2019-05-14 13:55:14 PROCESSOR_ARCHITECTURE environment variable is: AMD64
    2019-05-14 13:55:14 Info: SetupPlugin: updateProps.m_MajorUpdate = 0
    2019-05-14 13:55:14 Info: SetupPlugin: updateProps.m_DataOnlyUpdate = 1
    2019-05-14 13:55:14 Info: SetupPlugin: updateProps.m_OnAccessDriverUpdate = 0
    2019-05-14 13:55:14 Info: SetupPlugin: updateProps.m_BootDriverUpdate = 0
    2019-05-14 13:55:14 Info: SetupPlugin: updateProps.m_ClassFilterUpdate = 0
    2019-05-14 13:55:14 Info: SetupPlugin: updateProps.m_KMSDriverUpdate = 0
    2019-05-14 13:55:14 Info: Managed install (from SAU)
    2019-05-14 13:55:14 Info: MSXML6 is installed
    2019-05-14 13:55:14 `anonymous-namespace'::GetBoolValue: Value /FeatureControl/EnableBOPS in savcontrol json file not found, assumed default
    2019-05-14 13:55:14 `anonymous-namespace'::LoadMachineFile: Failed to load machine file C:\ProgramData\Sophos\Sophos Anti-Virus\Config\machine.xml
    2019-05-14 13:55:14 HaveSAVControlFileSettingsChanged: Failed to read SAVControlFile from machine file, will force major upgrade. Error: 0x80004005
    2019-05-14 13:55:14 Info: SAVControlFile settings have changed. MSI update required
    2019-05-14 13:55:14 Check for UI changes
    2019-05-14 13:55:14 UIType in registry: full
    2019-05-14 13:55:14 ProductType in registry: 0
    2019-05-14 13:55:14 Checking the integrity of the extant SAV installation (noUI is 0)
    2019-05-14 13:55:14 There is an incomplete SAV installation, forcing a Major Update to recover
    2019-05-14 13:55:14 One or more callout driver files are missing - forcing re-install of SAV
    2019-05-14 13:55:14 Info: Performing major update of Sophos Anti-Virus using msi.
    2019-05-14 13:55:14 Info: Update is signalled.
    2019-05-14 13:55:14 In KB2918614Workaround().
    2019-05-14 13:55:14 Leaving KB2918614Workaround().
    2019-05-14 13:55:14 Product code of SAV currently installed: {9F806196-F973-4307-9B5E-B7BEA054A603}
    2019-05-14 13:55:14 Product code of SAV to be installed: {9F806196-F973-4307-9B5E-B7BEA054A603}
    2019-05-14 13:55:14 Info: Added SAVService to ServicesList.
    2019-05-14 13:55:14 Info: Added SAVAdminService to ServicesList.
    2019-05-14 13:55:14 Info: Added Sophos Device Control Service to ServicesList.
    2019-05-14 13:55:14 Info: Added SophosBootDriver to ServicesList.
    2019-05-14 13:55:14 Info: Added swi_service to ServicesList.
    2019-05-14 13:55:14 Info: Added swi_filter to ServicesList.
    2019-05-14 13:55:14 Info: Added Sophos Web Control Service to ServicesList.
    2019-05-14 13:55:14 Info: Added SAVOnAccess to ServicesList.
    2019-05-14 13:55:14 Info: Added SAV to ComponentList.
    2019-05-14 13:55:14 Info: component SDC is not registered - skipping.
    2019-05-14 13:55:14 Info: component SCS is not registered - skipping.
    2019-05-14 13:55:14 Info: Added SWI to ComponentList.
    2019-05-14 13:55:14 Info: Added SWC to ComponentList.
    2019-05-14 13:55:14 Info: Detected an older version of SAV, version 10.8. Doing a major update.
    2019-05-14 13:55:14 Info: Set Update Begin
    2019-05-14 13:55:14 Unable to create an instance of ComponentManager - SystemInformation will not be informed of the update (0x80070424)
    2019-05-14 13:55:14 Info: SAVService was found to not be installed - skipping.
    2019-05-14 13:55:14 Info: SAVAdminService was found to not be installed - skipping.
    2019-05-14 13:55:14 Info: Sophos Device Control Service was found to not be installed - skipping.
    2019-05-14 13:55:14 Info: Added SophosBootDriver to ServicesList.
    2019-05-14 13:55:14 Info: swi_service was found to not be installed - skipping.
    2019-05-14 13:55:14 Info: swi_filter was found to not be installed - skipping.
    2019-05-14 13:55:14 Info: Sophos Web Control Service was found to not be installed - skipping.
    2019-05-14 13:55:14 Info: All services reported they accept stop controls.
    2019-05-14 13:55:14 Info: Stop SAVService
    2019-05-14 13:55:14 Warning: ControlSAVService: Unable to open the SAVService service, hr = 0x80070424
    2019-05-14 13:55:14 Info: Convert boot tasks
    2019-05-14 13:55:14 Info: CopyFilesToTemp
    2019-05-14 13:55:14 ERROR: StoreTempFiles - failed to copy machine file - not present, hr = 0x0
    2019-05-14 13:55:14 Warning: configuration will not be preserved
    2019-05-14 13:55:14 Info: Reading overrides from registry
    2019-05-14 13:55:14 Info: Getting registered UI plugins from registry
    2019-05-14 13:55:14 Info: Uninstall old SAV
    2019-05-14 13:55:14 Unable to open registry key: SOFTWARE\Sophos\Telemetry\Plugins
    2019-05-14 13:55:14 PatchInstalledSavForRemoveSAVI: Error 1605
    2019-05-14 13:55:14 PatchInstalledSavForDeleteUserGroups: Error 1605
    2019-05-14 13:55:14 DisableUninstallSecurityCenterCustomAction: Error 1605
    2019-05-14 13:55:14 Info: Running Uninstall of previous version using command line: msiexec.exe /x {9F806196-F973-4307-9B5E-B7BEA054A603} REBOOT=ReallySuppress /qn UNINSTALLDRIVERS=0 UNINSTALLCLASSFILTER=0 UNINSTALLBOOTDRIVERS=1 UNINSTALLKMSDRIVERS=1 CHECKFORSCF=0 INSTALLINGVERSION="10.8.2.363" /Lvp "C:\Windows\TEMP\Sophos Anti-Virus Uninstall Log_190514_115514.txt"
    2019-05-14 13:55:14 Info: Finished waiting for Uninstallation of previous version. Status returned was 0l.
    2019-05-14 13:55:14 WARNING: SAV uninstall failed with error 1605
    2019-05-14 13:55:14 Info: Detected version of SAV has major version number: 10
    2019-05-14 13:55:14 Info: Detected version of SAV has minor version number: 8
    2019-05-14 13:55:14 ERROR: Uninstall of SAV, version = 10.8.2, succeeded but IsSAVInstalled is true (10.8.2).
    2019-05-14 13:55:14 ERROR: Upgrade failure
    2019-05-14 13:55:14 Info: Added SAV to ComponentList.
    2019-05-14 13:55:14 Info: Added SWI to ComponentList.
    2019-05-14 13:55:14 Info: Added SWC to ComponentList.
    2019-05-14 13:55:14 Info: Set Update Failed
    2019-05-14 13:55:14 Unable to create an instance of ComponentManager - SystemInformation cannot be informed of end of update

  • Hello stephane Bats,

    there seems to be some inconsistency in the registry. It thinks it has to uninstall an existing 10.8.2 but when instructed to uninstall the Windows Installer returns 1605 (ERROR_UNKNOWN_PRODUCT) - This action is only valid for products that are currently installed

    I assume that HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F806196-F973-4307-9B5E-B7BEA054A603} exists in the registry but HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\691608F9379F7034B9E57BEB0A456A30 is not there. If this is the case please delete the key under Uninstall, this should allow the install to proceed, there might be additional issues though.

    Christian

  • Thanks for your help.

    what i do is :

    - search in registry all related to"sophos" and deleted

    - uninstall all app with msi path (like unistall script) (more or less https://community.sophos.com/products/endpoint-security-control/f/sophos-endpoint-software/105047/cant-uninstall-sophos-endpoint-on-my-windows-7-computer/382874#382874)

    - uninstall product that are still present after commad promt unistall

    - suppress all trace on c:\ of sophos software

    - reboot

    - launch install from server share

    - all goes well !!!!!!!

     

    Thanks for your help, but sophos is hell to uninstall simply

Reply Children
  • Hello stephane Bats,

    sophos is hell to uninstall simply
    IMO it isn't. It normally works using either Programs and Features (you should check the article for the recommended order) or from the command line or a script. There's no need to do additional clean up of assumed left-overs (like folders or registry keys with certain strings in their names). Wonder why this putative knowledge lingers on - it was never really true, worked only for software that used this naming convention, and couldn't work for software that integrated with Windows (as the interfaces have certain naming conventions and don't permit arbitrary names)
    If updating fails because of install/uninstall issues the cause should be determined. In most cases it's easy to correct the problem so that install/uninstall with one of the above methods succeeds. Manual "cleaning" isn't simple and rarely helps - at best it doesn't things worse. Microsoft has a Fix-It tool to deal with Installer inconsistencies.

    Christian