Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 14 replies
  • Subscribers 3 subscribers
  • Views 3219 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Problem on reinstalling antivirus on computer

daunay olivier

 I've a problem with a computer (win2016) on which I deleted all sophos components + reboot and reinstall from the share of the new server.

All components are well download from the server, but impossible that antivirus part install.

I've tested all solution (desintall manual and SophosZap, clean registry, clean c:\programdata programfile and x86 )

I've tested Sophos Endpoint Defense: How to recover a tamper protected system

ALWAYS the same message in Log : 

2021-04-20 11:47:15 ERROR: Installation failed
2021-04-20 11:47:15 Info: SetupPlugin: Unable to open Application registry key to get Install Path.
2021-04-20 11:47:15 ERROR: Failed to get current install location to register with tamper protection. Error 0x80070002
2021-04-20 11:47:15 ERROR: Failed to update the major update counters (The result of the last run has not been set)

Please help me. 

 Thanks



This thread was automatically locked due to age.
Parents
  • 0

    Hello daunay olivier,

    this is from the ALUpdate log, isn't it?
    You say that everything installed except SAVXP (and it does not appear in Programs and Features)? The actual final error is the rather vague ERROR: Installation failed. The rest is just consequential. Guess there is nothing meaningful prior to this message.

    Please check the Sophos Anti-Virus Major Install and Sophos Anti-Virus Major CustomActions logs in %windir%\Temp.

    Christian

  • 0 in reply to QC

    Thank you for your response

    the log with the error was Sophos Anti-Virus Major Install Log

    I control the log Sophos Anti-Virus Major CustomActions Log and found this error :

    2021-04-20 11:47:01 CreateUserGroups: Action started
    2021-04-20 11:47:01 CreateUserGroups: CreateSophosUserGroup: Group SophosUser has been created successfully.
    2021-04-20 11:47:01 CreateUserGroups: CreateSophosUserGroup: Group SophosPowerUser has been created successfully.
    2021-04-20 11:47:01 CreateUserGroups: CreateSophosUserGroup: Group SophosAdministrator has been created successfully.
    2021-04-20 11:47:01 CreateUserGroups: CreateSophosUserGroup: Group SophosOnAccess has been created successfully.
    2021-04-20 11:47:01 CreateUserGroups: PROCESSOR_ARCHITECTURE environment variable is: AMD64
    2021-04-20 11:47:01 CreateUserGroups: Local name of well-known group Administrators is Administrateurs
    2021-04-20 11:47:01 CreateUserGroups: Local name of well-known group PowerUsers is Utilisateurs avec pouvoir
    2021-04-20 11:47:01 CreateUserGroups: Local name of well-known group Users is Utilisateurs
    2021-04-20 11:47:01 CreateUserGroups: Failed to add the members of group PowerUsers to SophosPowerUser group. HRESULT: 0x80070057
    2021-04-20 11:47:01 CreateUserGroups: Adding LOCAL SYSTEM to the SophosAdministrator role in the machine file
    2021-04-20 11:47:01 CreateUserGroups: Action succeeded

    I don't find these usergroups localy like on the other computer ?

  • 0 in reply to daunay olivier

    the SOPHOS installer creates the groups correctly but they are deleted during the rollback of the installation apparently

  • 0 in reply to daunay olivier

    MSI (s) (24:04) [14:15:20:940]: Invoking remote custom action. DLL: C:\windows\Installer\MSIC73A.tmp, Entrypoint: CAQuietExec
    CAQuietExec: driverInstaller
    CAQuietExec:
    CAQuietExec: Installation error: The driver package is not signed.
    CAQuietExec: error:1
    CAQuietExec: Error 0x80070001: Command line returned an error.
    CAQuietExec: Error 0x80070001: CAQuietExec Failed
    CustomAction SwiCalloutInstall.11DACB83_28A7_4FA6_AF5B_C006E340C101 returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
    MSI (s) (24:C0) [14:15:21:018]: Note: 1: 2265 2: 3: -2147287035
    MSI (s) (24:C0) [14:15:21:018]: User policy value 'DisableRollback' is 0
    MSI (s) (24:C0) [14:15:21:018]: Machine policy value 'DisableRollback' is 0
    Fin de l'action 14:15:21 : InstallFinalize. Valeur renvoyée 3.
    MSI (s) (24:C0) [14:15:21:018]: Note: 1: 2318 2:
    MSI (s) (24:C0) [14:15:21:049]: Executing op: Header(Signature=1397708873,Version=500,Timestamp=1385460197,LangId=1036,Platform=0,ScriptType=2,ScriptMajorVersion=21,ScriptMinorVersion=4,ScriptAttributes=1)
    MSI (s) (24:C0) [14:15:21:049]: Executing op: DialogInfo(Type=0,Argument=1036)
    MSI (s) (24:C0) [14:15:21:049]: Executing op: DialogInfo(Type=1,Argument=Sophos Anti-Virus)
    MSI (s) (24:C0) [14:15:21:049]: Executing op: RollbackInfo(,RollbackAction=Rollback,RollbackDescription=Annulation en cours de l'action :,RollbackTemplate=[1],CleanupAction=RollbackCleanup,CleanupDescription=Suppression en cours des fichiers de sauvegarde,CleanupTemplate=Fichier : [1])
    MSI (s) (24:C0) [14:15:21:049]: Executing op: ActionStart(Name=SwiCalloutInstall.11DACB83_28A7_4FA6_AF5B_C006E340C101,,)
    MSI (s) (24:C0) [14:15:21:049]: Executing op: ProductInfo(ProductKey={31616A98-3852-49E9-BDD6-77A1AB85571A},ProductName=Sophos Anti-Virus,PackageName=Sophos Anti-Virus.msi,Language=1036,Version=168296458,Assignment=1,ObsoleteArg=0,ProductIcon=ARPPRODUCTICON.exe,,PackageCode={DA891FEE-A03E-4AE7-98FD-7F1E6F27DD3B},,,InstanceType=0,LUASetting=0,RemoteURTInstalls=0,ProductDeploymentFlags=3)
    MSI (s) (24:C0) [14:15:21:049]: Executing op: ActionStart(Name=SwiCalloutRollback.11DACB83_28A7_4FA6_AF5B_C006E340C101,,)
    MSI (s) (24:C0) [14:15:21:049]: Executing op: CustomActionRollback(Action=SwiCalloutRollback.11DACB83_28A7_4FA6_AF5B_C006E340C101,ActionType=3393,Source=BinaryData,Target=CAQuietExec,CustomActionData="C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_di.exe" -r "C:\windows\TEMP\SwiRebootRequired.txt" /u "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_callout.inf")
    MSI (s) (24:10) [14:15:21:049]: Invoking remote custom action. DLL: C:\windows\Installer\MSIC7A8.tmp, Entrypoint: CAQuietExec
    CAQuietExec: driverInstaller
    CAQuietExec:
    CAQuietExec: Uninstallation error: Unknown error code: 0xe0000302
    CAQuietExec: error:1
    CAQuietExec: Error 0x80070001: Command line returned an error.
    CAQuietExec: Error 0x80070001: CAQuietExec Failed
    CustomAction SwiCalloutRollback.11DACB83_28A7_4FA6_AF5B_C006E340C101 returned actual error code 1603 but will be translated to success due to continue marking
    MSI (s) (24:C0) [14:15:21:080]: Executing op: ActionStart(Name=SwiServiceRegister.11DACB83_28A7_4FA6_AF5B_C006E340C101,,)
    MSI (s) (24:C0) [14:15:21:080]: Executing op: ActionStart(Name=SwiServiceRollback.11DACB83_28A7_4FA6_AF5B_C006E340C101,,)
    MSI (s) (24:C0) [14:15:21:080]: Executing op: CustomActionRollback(Action=SwiServiceRollback.11DACB83_28A7_4FA6_AF5B_C006E340C101,ActionType=3393,Source=BinaryData,Target=UninstallService,CustomActionData=swi_service)
    MSI (s) (24:70) [14:15:21:080]: Invoking remote custom action. DLL: C:\windows\Installer\MSIC7C9.tmp, Entrypoint: UninstallService
    UninstallService: Unable to open service to delete it. Error 1060
    CustomAction SwiServiceRollback.11DACB83_28A7_4FA6_AF5B_C006E340C101 returned actual error code 1603 but will be translated to success due to continue marking

Reply
  • 0 in reply to daunay olivier

    MSI (s) (24:04) [14:15:20:940]: Invoking remote custom action. DLL: C:\windows\Installer\MSIC73A.tmp, Entrypoint: CAQuietExec
    CAQuietExec: driverInstaller
    CAQuietExec:
    CAQuietExec: Installation error: The driver package is not signed.
    CAQuietExec: error:1
    CAQuietExec: Error 0x80070001: Command line returned an error.
    CAQuietExec: Error 0x80070001: CAQuietExec Failed
    CustomAction SwiCalloutInstall.11DACB83_28A7_4FA6_AF5B_C006E340C101 returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
    MSI (s) (24:C0) [14:15:21:018]: Note: 1: 2265 2: 3: -2147287035
    MSI (s) (24:C0) [14:15:21:018]: User policy value 'DisableRollback' is 0
    MSI (s) (24:C0) [14:15:21:018]: Machine policy value 'DisableRollback' is 0
    Fin de l'action 14:15:21 : InstallFinalize. Valeur renvoyée 3.
    MSI (s) (24:C0) [14:15:21:018]: Note: 1: 2318 2:
    MSI (s) (24:C0) [14:15:21:049]: Executing op: Header(Signature=1397708873,Version=500,Timestamp=1385460197,LangId=1036,Platform=0,ScriptType=2,ScriptMajorVersion=21,ScriptMinorVersion=4,ScriptAttributes=1)
    MSI (s) (24:C0) [14:15:21:049]: Executing op: DialogInfo(Type=0,Argument=1036)
    MSI (s) (24:C0) [14:15:21:049]: Executing op: DialogInfo(Type=1,Argument=Sophos Anti-Virus)
    MSI (s) (24:C0) [14:15:21:049]: Executing op: RollbackInfo(,RollbackAction=Rollback,RollbackDescription=Annulation en cours de l'action :,RollbackTemplate=[1],CleanupAction=RollbackCleanup,CleanupDescription=Suppression en cours des fichiers de sauvegarde,CleanupTemplate=Fichier : [1])
    MSI (s) (24:C0) [14:15:21:049]: Executing op: ActionStart(Name=SwiCalloutInstall.11DACB83_28A7_4FA6_AF5B_C006E340C101,,)
    MSI (s) (24:C0) [14:15:21:049]: Executing op: ProductInfo(ProductKey={31616A98-3852-49E9-BDD6-77A1AB85571A},ProductName=Sophos Anti-Virus,PackageName=Sophos Anti-Virus.msi,Language=1036,Version=168296458,Assignment=1,ObsoleteArg=0,ProductIcon=ARPPRODUCTICON.exe,,PackageCode={DA891FEE-A03E-4AE7-98FD-7F1E6F27DD3B},,,InstanceType=0,LUASetting=0,RemoteURTInstalls=0,ProductDeploymentFlags=3)
    MSI (s) (24:C0) [14:15:21:049]: Executing op: ActionStart(Name=SwiCalloutRollback.11DACB83_28A7_4FA6_AF5B_C006E340C101,,)
    MSI (s) (24:C0) [14:15:21:049]: Executing op: CustomActionRollback(Action=SwiCalloutRollback.11DACB83_28A7_4FA6_AF5B_C006E340C101,ActionType=3393,Source=BinaryData,Target=CAQuietExec,CustomActionData="C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_di.exe" -r "C:\windows\TEMP\SwiRebootRequired.txt" /u "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_callout.inf")
    MSI (s) (24:10) [14:15:21:049]: Invoking remote custom action. DLL: C:\windows\Installer\MSIC7A8.tmp, Entrypoint: CAQuietExec
    CAQuietExec: driverInstaller
    CAQuietExec:
    CAQuietExec: Uninstallation error: Unknown error code: 0xe0000302
    CAQuietExec: error:1
    CAQuietExec: Error 0x80070001: Command line returned an error.
    CAQuietExec: Error 0x80070001: CAQuietExec Failed
    CustomAction SwiCalloutRollback.11DACB83_28A7_4FA6_AF5B_C006E340C101 returned actual error code 1603 but will be translated to success due to continue marking
    MSI (s) (24:C0) [14:15:21:080]: Executing op: ActionStart(Name=SwiServiceRegister.11DACB83_28A7_4FA6_AF5B_C006E340C101,,)
    MSI (s) (24:C0) [14:15:21:080]: Executing op: ActionStart(Name=SwiServiceRollback.11DACB83_28A7_4FA6_AF5B_C006E340C101,,)
    MSI (s) (24:C0) [14:15:21:080]: Executing op: CustomActionRollback(Action=SwiServiceRollback.11DACB83_28A7_4FA6_AF5B_C006E340C101,ActionType=3393,Source=BinaryData,Target=UninstallService,CustomActionData=swi_service)
    MSI (s) (24:70) [14:15:21:080]: Invoking remote custom action. DLL: C:\windows\Installer\MSIC7C9.tmp, Entrypoint: UninstallService
    UninstallService: Unable to open service to delete it. Error 1060
    CustomAction SwiServiceRollback.11DACB83_28A7_4FA6_AF5B_C006E340C101 returned actual error code 1603 but will be translated to success due to continue marking

Children
No Data
Unfiltered HTML