This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Endpoint failing to update, install or uninstall Windows 10 1903

Hi Guys,

 

I have where at first i started getting a notification saying sophos was unable to update.

 

I tried manually, then running the installer from the sharepoint.

 

Uninstalling (sophos AV failed but other elements removed), removing a couple of registry values suggested in other threads and manually deleting data from folders. Followed by reinstalling.

 

some elements seem to reinstall but but all elements, i have no AV which is the most important aspect.

 

Originally I had this issue on a earlier feature release of Windows 10, all attempts to upgrade to 1903 failed, but i thought i would just try the Windows 10 1903 update during the uninstall and reinstall of Sophos and it upgraded successfully. Sophos also failed to install on either version of Windows 10.

 

 

Here is my ALUpdate log

 

thanks

 

ALUpdate20190716T123345.8734440.log



This thread was automatically locked due to age.
Parents
  • Hello JaffNSX,

    according to the log the Anti-Virus and the Network Treat Protection components fail to install. The corresponding logs are in %windir%\Temp\ and should have some information about the error.

    Christian

Reply
  • Hello JaffNSX,

    according to the log the Anti-Virus and the Network Treat Protection components fail to install. The corresponding logs are in %windir%\Temp\ and should have some information about the error.

    Christian

Children
  • Thanks,

     

    Here are my logs in the Temp folder.

     

    Sophos Network Threat Protection Install Log 20190716 145018.txt

    16-07-2019 14:05:00 Successfully requested Sophos Endpoint Defense disable tamper protection of SAU.
    16-07-2019 14:05:00 In MsiLib::GetPackageProductInfo().
    16-07-2019 14:05:00 In MsiLib::GetPackageProperty().
    16-07-2019 14:05:00 Leaving MsiLib::GetPackageProperty() with ERROR_SUCCESS.
    16-07-2019 14:05:00 In MsiLib::GetPackageProperty().
    16-07-2019 14:05:00 Leaving MsiLib::GetPackageProperty() with ERROR_SUCCESS.
    16-07-2019 14:05:00 In MsiLib::GetPackageProperty().
    16-07-2019 14:05:00 Leaving MsiLib::GetPackageProperty() with ERROR_SUCCESS.
    16-07-2019 14:05:00 Leaving MsiLib::GetPackageProductInfo().
    16-07-2019 14:05:00 In MsiLib::IsProductInstalled().
    16-07-2019 14:05:00 Leaving MsiLib::IsProductInstalled() with true.
    16-07-2019 14:05:00 In FixIniFiles().
    16-07-2019 14:05:00 Processing: C:\ProgramData\Sophos\AutoUpdate\Config\iconn.cfg
    16-07-2019 14:05:00 Processing: C:\ProgramData\Sophos\AutoUpdate\Config\idata.cfg
    16-07-2019 14:05:00 Processing: C:\ProgramData\Sophos\AutoUpdate\Config\ilog.cfg
    16-07-2019 14:05:00 Processing: C:\ProgramData\Sophos\AutoUpdate\Config\imon.cfg
    16-07-2019 14:05:00 Processing: C:\ProgramData\Sophos\AutoUpdate\Config\isched.cfg
    16-07-2019 14:05:00 Processing: C:\ProgramData\Sophos\AutoUpdate\Config\iupd.cfg
    16-07-2019 14:05:00 Pre-existing version: 5.14.36; Installing version: 5.15.166.
    16-07-2019 14:05:00 In KB2918614Workaround().
    16-07-2019 14:05:00 Leaving KB2918614Workaround().
    16-07-2019 14:05:00 Installation type: Minor upgrade.
    16-07-2019 14:05:00 MSI installation attempt: 1
    16-07-2019 14:05:10 Installation of Sophos AutoUpdate completed successfully.
    16-07-2019 14:05:10 Telemetry Interval is 86400 seconds
    16-07-2019 14:05:10 C:\ProgramData\Sophos\AutoUpdate\\Config\TelemetryConfig.json loaded
    16-07-2019 14:05:10 Telemetry Interval updated to 86400 seconds
    16-07-2019 14:05:10 Set Telemetry RandomOffset.
    16-07-2019 14:05:10 Set Telemetry LastTelemetryTime.
    16-07-2019 14:05:10 Successfully registered for tamper protection with Sophos Endpoint Defense.
    
    2019-07-16 13:44:51 Call to MsiGetProductInfo failed for product {9AC08E99-230B-47e8-9721-4577B7F124EA} with error code: 1608
    
    2019-07-16 13:44:51 Call to MsiGetProductInfo failed for product {731F6BAA-A986-45A4-8936-7C3AAAAA760B} with error code: 1608
    
    2019-07-16 13:44:51 Detected version of SAV with product code: {C4EDC7DA-3AF8-4E99-ACAC-4C1A70F88CFB}
    
    2019-07-16 13:44:51 Info: Detected version of SAV has major version number: 10
    
    2019-07-16 13:44:51 Info: Using Sophos updating modes (MSI: N, VDL: 2, IDE: 2)
    
    2019-07-16 13:44:51 GetProperty() - Unable to get product-type
    
    2019-07-16 13:44:51 Info: productType: 0
    
    2019-07-16 13:44:51 PROCESSOR_ARCHITECTURE environment variable is: AMD64
    
    2019-07-16 13:44:51 Info: Logging started: installing/upgrading Sophos Anti-Virus
    
    2019-07-16 13:44:51 Info: InstallFromPath is: C:\ProgramData\Sophos\AutoUpdate\cache\savxp\
    
    2019-07-16 13:44:51 Info: InstallToPath is: 
    
    2019-07-16 13:44:51 Call to MsiGetProductInfo failed for product {9AC08E99-230B-47e8-9721-4577B7F124EA} with error code: 1608
    
    2019-07-16 13:44:51 Call to MsiGetProductInfo failed for product {731F6BAA-A986-45A4-8936-7C3AAAAA760B} with error code: 1608
    
    2019-07-16 13:44:51 Detected version of SAV with product code: {C4EDC7DA-3AF8-4E99-ACAC-4C1A70F88CFB}
    
    2019-07-16 13:44:51 Info: Detected version of SAV has major version number: 10
    
    2019-07-16 13:44:51 Info: Detected version of SAV has minor version number: 8
    
    2019-07-16 13:44:51 Info: SetupPlugin: Unable to open Application registry key to get Install Path.
    
    2019-07-16 13:44:51 Info: registryInstallTo [overriding InstallToPath] is: 
    
    2019-07-16 13:44:51 Checking for problem versions of SAVI - Install path:
    
    2019-07-16 13:44:51 Veex.dll version ''
    
    2019-07-16 13:44:51 INFO: Checking the validity of the VDL manifest file.
    
    2019-07-16 13:44:52 INFO: The manifest file has been successfully validated.
    
    2019-07-16 13:44:52 INFO: Checking the validity of the AppFeed manifest file.
    
    2019-07-16 13:44:52 INFO: The manifest file has been successfully validated.
    
    2019-07-16 13:44:52 Info: Install source location passed to ReadCatalog() is empty. Reverting to a full update.
    
    2019-07-16 13:44:52 Info: Feature change, From: 'AV,CRT,HIPS,PUA,URLSCRTY'  To: 'AV,CRT,DLP,DVCCNTRL,HIPS,PUA,URLSCRTY,WEBCNTRL'
    
    2019-07-16 13:44:52 Info: Managed install (from SAU)
    
    2019-07-16 13:44:52 Info: MSXML6 is installed
    
    2019-07-16 13:44:52 Check for UI changes
    
    2019-07-16 13:44:52 Unable to open SAV application key
    
    2019-07-16 13:44:52 Unable to open SAV application key
    
    2019-07-16 13:44:52 Checking the integrity of the extant SAV installation (noUI is 0)
    
    2019-07-16 13:44:52 The file \WSCClient.exe does not exist(2)
    
    2019-07-16 13:44:52 The file \SavService.exe does not exist(2)
    
    2019-07-16 13:44:52 The file \SavAdminService.exe does not exist(2)
    
    2019-07-16 13:44:52 The file \BackgroundScanClient.exe does not exist(2)
    
    2019-07-16 13:44:52 The file \ComponentManager.dll does not exist(2)
    
    2019-07-16 13:44:52 The file \ICAdapter.dll does not exist(2)
    
    2019-07-16 13:44:52 The file \ICManagement.dll does not exist(2)
    
    2019-07-16 13:44:52 The file \ICProcessors.dll does not exist(2)
    
    2019-07-16 13:44:52 The file \ThreatDetection.dll does not exist(2)
    
    2019-07-16 13:44:52 The file \VirusDetection.dll does not exist(2)
    
    2019-07-16 13:44:52 The file \SavControl.dll does not exist(2)
    
    2019-07-16 13:44:52 The file \SavMain.exe does not exist(2)
    
    2019-07-16 13:44:52 The file \SavProgress.exe does not exist(2)
    
    2019-07-16 13:44:52 The file \DesktopMessaging.dll does not exist(2)
    
    2019-07-16 13:44:52 The file \SavShellExt.dll does not exist(2)
    
    2019-07-16 13:44:52 There is an incomplete SAV installation, forcing a Major Update to recover
    
    2019-07-16 13:44:52 One or more callout driver files are missing - forcing re-install of SAV
    
    2019-07-16 13:44:52 Info: Performing major update of Sophos Anti-Virus using msi.
    
    2019-07-16 13:44:52 Info: Update is signalled.
    
    2019-07-16 13:44:52 Call to MsiGetProductInfo failed for product {9AC08E99-230B-47e8-9721-4577B7F124EA} with error code: 1608
    
    2019-07-16 13:44:52 Call to MsiGetProductInfo failed for product {731F6BAA-A986-45A4-8936-7C3AAAAA760B} with error code: 1608
    
    2019-07-16 13:44:52 Detected version of SAV with product code: {C4EDC7DA-3AF8-4E99-ACAC-4C1A70F88CFB}
    
    2019-07-16 13:44:52 In KB2918614Workaround().
    
    2019-07-16 13:44:52 Leaving KB2918614Workaround().
    
    2019-07-16 13:44:52 Call to MsiGetProductInfo failed for product {9AC08E99-230B-47e8-9721-4577B7F124EA} with error code: 1608
    
    2019-07-16 13:44:52 Call to MsiGetProductInfo failed for product {731F6BAA-A986-45A4-8936-7C3AAAAA760B} with error code: 1608
    
    2019-07-16 13:44:52 Detected version of SAV with product code: {C4EDC7DA-3AF8-4E99-ACAC-4C1A70F88CFB}
    
    2019-07-16 13:44:52 Product code of SAV currently installed: {C4EDC7DA-3AF8-4E99-ACAC-4C1A70F88CFB}
    
    2019-07-16 13:44:52 Product code of SAV to be installed:     {01423865-551B-4C59-B44A-CC604BC21AF3}
    
    2019-07-16 13:44:52 ERROR: GetVersion - Unable to load the new Factory file, path = C:\ProgramData\Sophos\Sophos Anti-Virus\Config\Factory.xml
    
    2019-07-16 13:44:52 ProductCode change detected
    
    2019-07-16 13:44:52 Info: Added SAVService to ServicesList.
    
    2019-07-16 13:44:52 Info: Added SAVAdminService to ServicesList.
    
    2019-07-16 13:44:52 Info: Added Sophos Device Control Service to ServicesList.
    
    2019-07-16 13:44:52 Info: Added SophosBootDriver to ServicesList.
    
    2019-07-16 13:44:52 Info: Added swi_service to ServicesList.
    
    2019-07-16 13:44:52 Info: Added swi_filter to ServicesList.
    
    2019-07-16 13:44:52 Info: Added swi_callout to ServicesList.
    
    2019-07-16 13:44:52 Info: Added swi_update to ServicesList.
    
    2019-07-16 13:44:52 Info: Added swi_update_64 to ServicesList.
    
    2019-07-16 13:44:52 Info: Added Sophos Web Control Service to ServicesList.
    
    2019-07-16 13:44:52 Info: Added SAVOnAccess to ServicesList.
    
    2019-07-16 13:44:52 Info: component SAV is not registered - skipping.
    
    2019-07-16 13:44:52 Info: component SDC is not registered - skipping.
    
    2019-07-16 13:44:52 Info: component SCS is not registered - skipping.
    
    2019-07-16 13:44:52 Info: component SWI is not registered - skipping.
    
    2019-07-16 13:44:52 Info: component SWC is not registered - skipping.
    
    2019-07-16 13:44:52 Info: Detected an older version of SAV, version 10.8. Doing a major update.
    
    2019-07-16 13:44:52 Info: Set Update Begin
    
    2019-07-16 13:44:52 Unable to create an instance of ComponentManager - SystemInformation will not be informed of the update (0x80040154)
    
    2019-07-16 13:44:52 Info: SAVService was found to not be installed - skipping.
    
    2019-07-16 13:44:52 Info: SAVAdminService was found to not be installed - skipping.
    
    2019-07-16 13:44:52 Info: Sophos Device Control Service was found to not be installed - skipping.
    
    2019-07-16 13:44:52 Info: SophosBootDriver was found to not be installed - skipping.
    
    2019-07-16 13:44:52 Info: swi_service was found to not be installed - skipping.
    
    2019-07-16 13:44:52 Info: swi_filter was found to not be installed - skipping.
    
    2019-07-16 13:44:52 Info: Added swi_callout to ServicesList.
    
    2019-07-16 13:44:52 Info: swi_update was found to not be installed - skipping.
    
    2019-07-16 13:44:52 Info: swi_update_64 was found to not be installed - skipping.
    
    2019-07-16 13:44:52 Info: Sophos Web Control Service was found to not be installed - skipping.
    
    2019-07-16 13:44:52 Info: All services reported they accept stop controls.
    
    2019-07-16 13:44:52 Info: Stop SAVService
    
    2019-07-16 13:44:52 Warning: ControlSAVService: Unable to open the SAVService service, hr = 0x80070424
    
    2019-07-16 13:44:52 Info: Convert boot tasks
    
    2019-07-16 13:44:52 Info: CopyFilesToTemp
    
    2019-07-16 13:44:52 ERROR: StoreTempFiles - failed to copy machine file - not present, hr = 0x0
    
    2019-07-16 13:44:52 Warning: configuration will not be preserved
    
    2019-07-16 13:44:52 Info: Create backup copy of WSCClient
    
    2019-07-16 13:44:52 Info: SetupPlugin: Unable to open Application registry key to get Install Path.
    
    2019-07-16 13:44:52 ERROR: Failed to get current install location to register with tamper protection. Error 0x80070002
    
    
    Install from:[C:\ProgramData\Sophos\AutoUpdate\cache\rms]
    Install to  :[(null)]
    RMS: Current product is not installed.
    TP: Successfully requested Sophos Endpoint Defense disable tamper protection of RMS.
    MsiPackagePath: [C:\ProgramData\Sophos\AutoUpdate\cache\rms\Sophos Remote Management System.msi].
    Result of loading C:\Program Files (x86)\Sophos\AutoUpdate\SAUConfigDLL.dll is: [70310000]
    LOGIC: No Version of RMS detected (unistall is not needed)
    LOGIC: RMS is not installed (minor upgrade is n/a)
    Clean installation of RMS required
    CopyPrerequisite(from=C:\ProgramData\Sophos\AutoUpdate\cache\rms\,                 to  =,                 file=mrinit.conf)
    Missing source file `C:\ProgramData\Sophos\AutoUpdate\cache\rms\mrinit.conf`
    , nothing to do.
    RMS: Setup Plugin running MsiInstallProduct(C:\ProgramData\Sophos\AutoUpdate\cache\rms\Sophos Remote Management System.msi, 
                                                REBOOT=ReallySuppress SOPHOS_TP_TOKEN=1 ALLUSERS=1)
    TP: Successfully registered for tamper protection with Sophos Endpoint Defense.
    

  • Hello JaffNSX,

    NTP looks fine but SAVXP is found to be (logically) installed, the installation is corrupt in a way that the Installer can't handle.
    I think it's necessary to remove the Installer information for the corrupt SAVXP installation - please see  Fix problems that block programs from being installed or removed. If Sophos Anti-Virus isn't shown on the list the code to use is: {C4EDC7DA-3AF8-4E99-ACAC-4C1A70F88CFB}

    Christian

  • Hi  

    It shows under the logs that an older version of Sophos Anti-virus is still not removed. I would recommend you to check for this {C4EDC7DA-3AF8-4E99-ACAC-4C1A70F88CFB} registry key in below locations and see if there are any remnants. Please make sure to take registry back up before making any changes. 

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
    ​HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes
    HKEY_CLASSES_ROOT\Installer\UpgradeCodes\
    HKEY_CLASSES_ROOT\Installer\Products

    Shweta

    Community Support Engineer | Sophos Technical Support
    Are you a Sophos Partner? | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
    The New Home of Sophos Support Videos! - Visit Sophos Techvids