Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 14 replies
  • Subscribers 3 subscribers
  • Views 2928 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Problem on reinstalling antivirus on computer

daunay olivier

 I've a problem with a computer (win2016) on which I deleted all sophos components + reboot and reinstall from the share of the new server.

All components are well download from the server, but impossible that antivirus part install.

I've tested all solution (desintall manual and SophosZap, clean registry, clean c:\programdata programfile and x86 )

I've tested Sophos Endpoint Defense: How to recover a tamper protected system

ALWAYS the same message in Log : 

2021-04-20 11:47:15 ERROR: Installation failed
2021-04-20 11:47:15 Info: SetupPlugin: Unable to open Application registry key to get Install Path.
2021-04-20 11:47:15 ERROR: Failed to get current install location to register with tamper protection. Error 0x80070002
2021-04-20 11:47:15 ERROR: Failed to update the major update counters (The result of the last run has not been set)

Please help me. 

 Thanks



This thread was automatically locked due to age.
Parents
  • 0

    Hello daunay olivier,

    this is from the ALUpdate log, isn't it?
    You say that everything installed except SAVXP (and it does not appear in Programs and Features)? The actual final error is the rather vague ERROR: Installation failed. The rest is just consequential. Guess there is nothing meaningful prior to this message.

    Please check the Sophos Anti-Virus Major Install and Sophos Anti-Virus Major CustomActions logs in %windir%\Temp.

    Christian

  • 0 in reply to QC

    Thank you for your response

    the log with the error was Sophos Anti-Virus Major Install Log

    I control the log Sophos Anti-Virus Major CustomActions Log and found this error :

    2021-04-20 11:47:01 CreateUserGroups: Action started
    2021-04-20 11:47:01 CreateUserGroups: CreateSophosUserGroup: Group SophosUser has been created successfully.
    2021-04-20 11:47:01 CreateUserGroups: CreateSophosUserGroup: Group SophosPowerUser has been created successfully.
    2021-04-20 11:47:01 CreateUserGroups: CreateSophosUserGroup: Group SophosAdministrator has been created successfully.
    2021-04-20 11:47:01 CreateUserGroups: CreateSophosUserGroup: Group SophosOnAccess has been created successfully.
    2021-04-20 11:47:01 CreateUserGroups: PROCESSOR_ARCHITECTURE environment variable is: AMD64
    2021-04-20 11:47:01 CreateUserGroups: Local name of well-known group Administrators is Administrateurs
    2021-04-20 11:47:01 CreateUserGroups: Local name of well-known group PowerUsers is Utilisateurs avec pouvoir
    2021-04-20 11:47:01 CreateUserGroups: Local name of well-known group Users is Utilisateurs
    2021-04-20 11:47:01 CreateUserGroups: Failed to add the members of group PowerUsers to SophosPowerUser group. HRESULT: 0x80070057
    2021-04-20 11:47:01 CreateUserGroups: Adding LOCAL SYSTEM to the SophosAdministrator role in the machine file
    2021-04-20 11:47:01 CreateUserGroups: Action succeeded

    I don't find these usergroups localy like on the other computer ?

  • 0 in reply to daunay olivier

    Hello ,

    the log with the error was Sophos Anti-Virus Major Install Log
    I see, thanks.  Whatever caused the install to fail should be in this log. Please search for the French equivalent of Return value 3 (there might be more than one occurrence). Normally the preceding lines have at least some information about the error.

    Christian

  • +1 in reply to QC

    I found 2 occurrences of "Valeur renvoyée 3"

    MSI (s) (18:D0) [14:21:15:079]: Executing op: ActionStart(Name=StartDriverServices,,)
    AddSIPSManagementUser Exit (283)
    MSI (s) (18:D0) [14:21:15:079]: Executing op: CustomActionSchedule(Action=StartDriverServices,ActionType=1025,Source=BinaryData,Target=StartDriverServices,CustomActionData=WIN7_AMD64)
    MSI (s) (18:6C) [14:21:15:079]: Invoking remote custom action. DLL: C:\windows\Installer\MSI2E3D.tmp, Entrypoint: StartDriverServices
    MSI (s) (18:D0) [14:21:15:111]: Executing op: ActionStart(Name=SetThreatLifeTimeRegistryKeyPermissions,,)
    MSI (s) (18:D0) [14:21:15:111]: Executing op: CustomActionSchedule(Action=SetThreatLifeTimeRegistryKeyPermissions,ActionType=1025,Source=BinaryData,Target=SetThreatLifeTimeRegistryKeyPermissions,)
    MSI (s) (18:BC) [14:21:15:111]: Invoking remote custom action. DLL: C:\windows\Installer\MSI2E5D.tmp, Entrypoint: SetThreatLifeTimeRegistryKeyPermissions
    MSI (s) (18:D0) [14:21:15:126]: Executing op: ActionStart(Name=SetupSspUserAccountRollback,,)
    MSI (s) (18:D0) [14:21:15:126]: Executing op: CustomActionSchedule(Action=SetupSspUserAccountRollback,ActionType=1345,Source=BinaryData,Target=CleanUpSsspUserAccount,CustomActionData=NT SERVICE\SAVService)
    MSI (s) (18:D0) [14:21:15:126]: Executing op: ActionStart(Name=SetupSspUserAccount,,)
    MSI (s) (18:D0) [14:21:15:126]: Executing op: CustomActionSchedule(Action=SetupSspUserAccount,ActionType=1089,Source=BinaryData,Target=SetupSspUserAccount,CustomActionData=NT SERVICE\SAVService)
    MSI (s) (18:60) [14:21:15:126]: Invoking remote custom action. DLL: C:\windows\Installer\MSI2E6E.tmp, Entrypoint: SetupSspUserAccount
    SetupSspUserAccount: Initialized.
    SetupSspUserAccount: LoadAccount(SophosSSPUser) failed (error 1332)
    SetupSspUserAccount: Granting permissions to user "NT SERVICE\SAVService"
    MSI (s) (18:D0) [14:21:15:486]: Executing op: ActionStart(Name=SetServiceSecurity,,)
    SetupSspUserAccount: Service is not installed.
    MSI (s) (18:D0) [14:21:15:486]: Executing op: CustomActionSchedule(Action=SetServiceSecurity,ActionType=1025,Source=BinaryData,Target=SetServiceSecurity,)
    MSI (s) (18:40) [14:21:15:486]: Invoking remote custom action. DLL: C:\windows\Installer\MSI2FD6.tmp, Entrypoint: SetServiceSecurity
    MSI (s) (18:D0) [14:21:15:501]: Executing op: ActionStart(Name=SetServiceRecoveryActions,,)
    MSI (s) (18:D0) [14:21:15:501]: Executing op: CustomActionSchedule(Action=SetServiceRecoveryActions,ActionType=1025,Source=BinaryData,Target=SetServiceRecoveryActions,)
    MSI (s) (18:60) [14:21:15:501]: Invoking remote custom action. DLL: C:\windows\Installer\MSI2FE7.tmp, Entrypoint: SetServiceRecoveryActions
    MSI (s) (18:D0) [14:21:15:517]: Executing op: ActionStart(Name=RollbackInstallDeviceControl,,)
    MSI (s) (18:D0) [14:21:15:517]: Executing op: CustomActionSchedule(Action=RollbackInstallDeviceControl,ActionType=1281,Source=BinaryData,Target=RollbackInstallDeviceControl,)
    MSI (s) (18:D0) [14:21:15:532]: Executing op: ActionStart(Name=InstallDeviceControl,,)
    MSI (s) (18:D0) [14:21:15:532]: Executing op: CustomActionSchedule(Action=InstallDeviceControl,ActionType=1025,Source=BinaryData,Target=InstallDeviceControl,CustomActionData="C:\Program Files (x86)\Sophos\Sophos Anti-Virus\""C:\ProgramData\Sophos\AutoUpdate\cache\savxp\")
    MSI (s) (18:24) [14:21:15:532]: Invoking remote custom action. DLL: C:\windows\Installer\MSI3007.tmp, Entrypoint: InstallDeviceControl
    MSI (s) (18:D0) [14:21:15:548]: Executing op: ActionStart(Name=SetAdminGroupDescription,,)
    MSI (s) (18:D0) [14:21:15:548]: Executing op: CustomActionSchedule(Action=SetAdminGroupDescription,ActionType=1025,Source=BinaryData,Target=SetAdminGroupDescription,CustomActionData=Les SophosAdministrators peuvent exécuter Sophos Anti-Virus avec un accès total)
    MSI (s) (18:C8) [14:21:15:564]: Invoking remote custom action. DLL: C:\windows\Installer\MSI3018.tmp, Entrypoint: SetAdminGroupDescription
    MSI (s) (18:D0) [14:21:15:579]: Executing op: ActionStart(Name=SetPowerGroupDescription,,)
    MSI (s) (18:D0) [14:21:15:579]: Executing op: CustomActionSchedule(Action=SetPowerGroupDescription,ActionType=1025,Source=BinaryData,Target=SetPowerGroupDescription,CustomActionData=Les SophosPowerUsers peuvent exécuter Sophos Anti-Virus avec le même accès que les SophosUsers mais avec un accès supérieur au nettoyage)
    MSI (s) (18:E0) [14:21:15:579]: Invoking remote custom action. DLL: C:\windows\Installer\MSI3038.tmp, Entrypoint: SetPowerGroupDescription
    MSI (s) (18:D0) [14:21:15:595]: Executing op: ActionStart(Name=SetUserGroupDescription,,)
    MSI (s) (18:D0) [14:21:15:595]: Executing op: CustomActionSchedule(Action=SetUserGroupDescription,ActionType=1025,Source=BinaryData,Target=SetUserGroupDescription,CustomActionData=Les SophosUsers peuvent exécuter Sophos Anti-Virus avec un accès limité à la configuration du contrôle et au nettoyage)
    MSI (s) (18:6C) [14:21:15:595]: Invoking remote custom action. DLL: C:\windows\Installer\MSI3049.tmp, Entrypoint: SetUserGroupDescription
    MSI (s) (18:D0) [14:21:15:611]: Executing op: ActionStart(Name=MsiConfigureServices,,)
    MSI (s) (18:D0) [14:21:15:611]: Executing op: ProgressTotal(Total=2,Type=1,ByteEquivalent=1300000)
    MSI (s) (18:D0) [14:21:15:611]: Executing op: ServiceConfigure(,Name=SAVService,Event=5,ConfigType=5,Argument=1)
    MSI (s) (18:D0) [14:21:15:611]: Changing configuration of service SAVService.
    MSI (s) (18:D0) [14:21:15:611]: Changed configuration of service SAVService with ConfigType SERVICE_CONFIG_SERVICE_SID_INFO
    MSI (s) (18:D0) [14:21:15:611]: Done changing configuration of service SAVService
    MSI (s) (18:D0) [14:21:15:611]: Executing op: ServiceConfigure(,Name=SAVAdminService,Event=5,ConfigType=5,Argument=1)
    MSI (s) (18:D0) [14:21:15:611]: Changing configuration of service SAVAdminService.
    MSI (s) (18:D0) [14:21:15:611]: Changed configuration of service SAVAdminService with ConfigType SERVICE_CONFIG_SERVICE_SID_INFO
    MSI (s) (18:D0) [14:21:15:611]: Done changing configuration of service SAVAdminService
    MSI (s) (18:D0) [14:21:15:611]: Executing op: ActionStart(Name=SetOnAccessGroupDescription,,)
    MSI (s) (18:D0) [14:21:15:626]: Executing op: CustomActionSchedule(Action=SetOnAccessGroupDescription,ActionType=1025,Source=BinaryData,Target=SetOnAccessGroupDescription,CustomActionData=Contient des comptes utilisés par Sophos Anti-Virus lorsqu'il effectue les opérations de contrôle des menaces et de nettoyage)
    MSI (s) (18:70) [14:21:15:626]: Invoking remote custom action. DLL: C:\windows\Installer\MSI3069.tmp, Entrypoint: SetOnAccessGroupDescription
    MSI (s) (18:D0) [14:21:15:642]: Executing op: ActionStart(Name=DisablePUADetection,,)
    MSI (s) (18:D0) [14:21:15:642]: Executing op: CustomActionSchedule(Action=DisablePUADetection,ActionType=1025,Source=BinaryData,Target=DisablePUADetection,CustomActionData=C:\ProgramData\Sophos\Sophos Anti-Virus\Config)
    MSI (s) (18:5C) [14:21:15:642]: Invoking remote custom action. DLL: C:\windows\Installer\MSI3079.tmp, Entrypoint: DisablePUADetection
    MSI (s) (18:D0) [14:21:15:658]: Executing op: ActionStart(Name=DeleteExpiredCaches,,)
    MSI (s) (18:D0) [14:21:15:658]: Executing op: CustomActionSchedule(Action=DeleteExpiredCaches,ActionType=1025,Source=BinaryData,Target=DeleteExpiredCaches,)
    MSI (s) (18:A4) [14:21:15:658]: Invoking remote custom action. DLL: C:\windows\Installer\MSI308A.tmp, Entrypoint: DeleteExpiredCaches
    MSI (s) (18:D0) [14:21:15:673]: Executing op: ActionStart(Name=EnableJournals,,)
    MSI (s) (18:D0) [14:21:15:673]: Executing op: CustomActionSchedule(Action=EnableJournals,ActionType=1025,Source=BinaryData,Target=EnableJournals,)
    MSI (s) (18:E8) [14:21:15:673]: Invoking remote custom action. DLL: C:\windows\Installer\MSI309B.tmp, Entrypoint: EnableJournals
    MSI (s) (18:D0) [14:21:15:689]: Executing op: ActionStart(Name=DisableWebProtection,,)
    MSI (s) (18:D0) [14:21:15:689]: Executing op: CustomActionSchedule(Action=DisableWebProtection,ActionType=1025,Source=BinaryData,Target=DisableWebProtection,CustomActionData=C:\ProgramData\Sophos\Sophos Anti-Virus\Config)
    MSI (s) (18:48) [14:21:15:689]: Invoking remote custom action. DLL: C:\windows\Installer\MSI30AB.tmp, Entrypoint: DisableWebProtection
    MSI (s) (18:D0) [14:21:15:704]: Executing op: ActionStart(Name=DisableSxlLookups,,)
    MSI (s) (18:D0) [14:21:15:704]: Executing op: CustomActionSchedule(Action=DisableSxlLookups,ActionType=1025,Source=BinaryData,Target=DisableSxlLookups,CustomActionData=C:\ProgramData\Sophos\Sophos Anti-Virus\Config)
    MSI (s) (18:A4) [14:21:15:720]: Invoking remote custom action. DLL: C:\windows\Installer\MSI30BC.tmp, Entrypoint: DisableSxlLookups
    MSI (s) (18:D0) [14:21:15:720]: Executing op: ActionStart(Name=CheckSNMPDLLPresence,,)
    MSI (s) (18:D0) [14:21:15:736]: Executing op: CustomActionSchedule(Action=CheckSNMPDLLPresence,ActionType=1025,Source=BinaryData,Target=CheckSNMPDLLPresence,CustomActionData=C:\ProgramData\Sophos\Sophos Anti-Virus\Config)
    MSI (s) (18:F4) [14:21:15:736]: Invoking remote custom action. DLL: C:\windows\Installer\MSI30DC.tmp, Entrypoint: CheckSNMPDLLPresence
    MSI (s) (18:D0) [14:21:15:751]: Executing op: ActionStart(Name=UpdateSXLServerList,,)
    MSI (s) (18:D0) [14:21:15:751]: Executing op: CustomActionSchedule(Action=UpdateSXLServerList,ActionType=1025,Source=BinaryData,Target=UpdateSXLServerList,CustomActionData="C:\Program Files (x86)\Sophos\Sophos Anti-Virus\""C:\ProgramData\Sophos\Sophos Anti-Virus\Config")
    MSI (s) (18:20) [14:21:15:751]: Invoking remote custom action. DLL: C:\windows\Installer\MSI30ED.tmp, Entrypoint: UpdateSXLServerList
    MSI (s) (18:D0) [14:21:15:782]: Executing op: ActionStart(Name=ApplySAVControlFile,,)
    MSI (s) (18:D0) [14:21:15:782]: Executing op: CustomActionSchedule(Action=ApplySAVControlFile,ActionType=1025,Source=BinaryData,Target=ApplySAVControlFile,CustomActionData="C:\ProgramData\Sophos\AutoUpdate\cache\savxp\""C:\ProgramData\Sophos\Sophos Anti-Virus\Config")
    MSI (s) (18:9C) [14:21:15:798]: Invoking remote custom action. DLL: C:\windows\Installer\MSI310D.tmp, Entrypoint: ApplySAVControlFile
    MSI (s) (18:D0) [14:21:15:814]: Executing op: ActionStart(Name=GenerateSavMachineId,,)
    MSI (s) (18:D0) [14:21:15:814]: Executing op: CustomActionSchedule(Action=GenerateSavMachineId,ActionType=1025,Source=BinaryData,Target=GenerateSavMachineId,)
    MSI (s) (18:58) [14:21:15:814]: Invoking remote custom action. DLL: C:\windows\Installer\MSI312D.tmp, Entrypoint: GenerateSavMachineId
    MSI (s) (18:D0) [14:21:15:829]: Executing op: ActionStart(Name=RegisterProduct,Description=Inscription en cours du produit,Template=[1])
    MSI (s) (18:D0) [14:21:15:829]: Executing op: ChangeMedia(MediaVolumeLabel=DISK1,MediaPrompt=Veuillez insérer le disque : 1,,BytesPerTick=0,CopierType=0,,,,,,IsFirstPhysicalMedia=1)
    MSI (s) (18:D0) [14:21:15:829]: Executing op: DatabaseCopy(DatabasePath=C:\windows\Installer\9dc78a.msi,ProductCode={31616A98-3852-49E9-BDD6-77A1AB85571A},,,)
    MSI (s) (18:D0) [14:21:15:829]: Note: 1: 1402 2: UNKNOWN\Products\89A6161325839E94DB6D771ABA5875A1\InstallProperties 3: 2
    MSI (s) (18:D0) [14:21:15:829]: Note: 1: 2318 2: C:\windows\Installer\9dc78e.msi
    MSI (s) (18:D0) [14:21:15:829]: File will have security applied from OpCode.
    MSI (s) (18:D0) [14:21:15:829]: Executing op: ProductRegister(UpgradeCode={597B239E-3032-491A-A322-817737925E8A},VersionString=10.8.10.810,HelpLink=www.sophos.fr/support,HelpTelephone= ,InstallLocation=C:\Program Files (x86)\Sophos\Sophos Anti-Virus\,InstallSource=C:\ProgramData\Sophos\AutoUpdate\cache\savxp\,Publisher=Sophos Limited,URLInfoAbout=www.sophos.fr,URLUpdateInfo=http:/.../updates,,NoModify=1,NoRepair=1,,Comments=Protège votre ordinateur et votre réseau contre les menaces ,Contact=Support technique Sophos,,,,EstimatedSize=58259,,,,)
    MSI (s) (18:D0) [14:21:15:829]: Executing op: ProductCPDisplayInfoRegister()
    MSI (s) (18:D0) [14:21:15:829]: Executing op: ActionStart(Name=PublishFeatures,Description=Publication des fonctions du produit,Template=Fonction : [1])
    MSI (s) (18:D0) [14:21:15:829]: Executing op: FeaturePublish(Feature=SAVService,,Absent=2,Component=Vg@q[]0GO?nmG^LCD4kt2y1ew`QzF9TS&39+j5vrAFB8?=f[z8nmu`RXU$4SaNyflE0OU?cWtkY2sAg*CJv{jz)vo=.&s7Mw}i@@*4tG&LM6_=rZL8sao&W+L}RJ_nt0v=b&X9K@)_4CmDhxkHF`F?_BRZ7dn2pUY~GizzPss89K7$F=-b!1e0]64Kvq$@L-_er4aQk!)

    MSI (s) (18:D0) [14:21:15:845]: Executing op: FeaturePublish(Feature=MainComponents,,Absent=2,Component=sprrGUM,$=-[&ltw@0PwS8t,d=~Bl9Fx7YP,u$!X[l'1cG)mZ9]S4!kCb{$IuVIhIE`XT9{hbt=DY3el!u'`3%hL'9TN*q9fia6pkA-3_~J9{8b$sHYm,bPO%5~xceiij94Rl(R5pfNMHu=b?x[T=?&(TgtXr(ePa51?rAl)p?9r`WW.X!oX,nM~fFRY(=0)(^yUawLfIg4)*$6]?A*cZjw=iOw]r_+~b3xUW9^OEK$,mX3l?`F[h.Ao!=51B3@Gk2]!Owe)[k}X,=T~aALA_N=_[ziyG.*7m@0YWkq*u5KmK^*jLJ.H`=j_S*QxCz4u9?9)2k3hi?QTI)griQ0=[_K,qqU-'A.F2oSSV*E6!74S*H6)+=e{gOXz0{PE-Y+q]$R(J9'{&'-Q7RWDrZ071RO5w8eQM8B6g[Ar2tKQZzrNe=e0XoLr^TT5njbNC9aEZ=x`[}V?Mso^X]TF@BT25??u7=dxHrNhM'a+c-A@{9+R'~g*HXdm-3}-^=I[U=^Re^!fg^eqeAKBxLonMArnQchEI]z_%p!JNLs&I9OSwWA.V5xT?D.L.W=Wo?rr$(Q`6ruqi-.Req^wl9'V]Mbj3*fXH4ae7oue2=PMw%wY~RkBbO-^6@b!'94G3'UC$q~JWqX$hUrJk=d*Bs5+WN{JS)7jPz^Og@jsO(bn!(dDVnWISNc$I@6$d5A'(PvkniW1sZCsY@ZHrL_y+BuIWwYuotW3{8gIL]KAx^qU.&snxj(gt9uepMv~]subZJL@z{Y-.?D^6')v'~9v9RZc(jFgL9R-R[.X`Jw3t+`0tdNmC9xSmcpZk-V(zUav*5'`YAc]34O(wZr`2fonKb6Co@8p)6O4OT3W1eHFT1F(8=9Sz(.0g8wR3{7nvCI'+@y6-W^D@g&5F'6awnl-a@t)Mfu2`)61Uhw!21{rk8%JJbBjqW-LQ=-MB[klXA*AIw8je{CjS`,Y!pof.@FbG2PW5zxY=x+TBXgS,@rmm-6
    MSI (s) (18:D0) [14:21:15:845]: Executing op: FeaturePublish(Feature=HomeEdition,,Absent=2,Component=vj+?00,@p95P54q'~A4U)
    MSI (s) (18:D0) [14:21:15:845]: Executing op: FeaturePublish(Feature=ConfigFiles,,Absent=2,Component=4Q3DKM`l9A^xRd=eqM,.LIz+m4,=2=2?zF=(m^gksjInj%8FeAn!zWF}kRS@A)FtjR108A*(6`pbXBO!%zt'$rt(_8i9+@Q5xX.&DIo{]xCw0AjQL2FV)9'QR7DXeKGX5?R-8DYuEH=PrdxWg3r((9F~v'{[&aAkfz'*@uFg,=P&HPAg@f&rs6z_KG$7Z@Sm_2qnJf=FmP^U*n,r*AemwXRtQkiz)
    MSI (s) (18:D0) [14:21:15:845]: Executing op: FeaturePublish(Feature=Resources,,Absent=2,Component=?$?&&WFt`8a&B`.f~7`u_]K_ZW!6z80Rb{`RtQmA0+I,2M+*^A!Oq7j8fv8[[8{xvmn[n?.$('%+n--*-sHCP?+VPAT[pV7l2WvBA}i^0rrH]A}6D?S^U0!+AoHV?%BO+Ax]wSB,NiBp894@j@v_X9Lho`OH@bm-ZC2`yuZ(!9[(i}FzduNl_75Lwf^?_8F?@W!i)M`''iRkI*ZWY@ft]q_=8`d`)
    MSI (s) (18:D0) [14:21:15:845]: Executing op: FeaturePublish(Feature=EngineFiles,,Absent=2,Component=B'H[7pbT+9RjCb&klv}8)
    MSI (s) (18:D0) [14:21:15:845]: Executing op: FeaturePublish(Feature=ServiceComponents,,Absent=2,Component=$F{Ui&C@BA*({-6m[ch8p?)^w@e]UAE]BB3c*I*d}ofI&wxEB=CKG)%vix@QuWPR-@hf%?q$,A8TZ{V5u6ilKVh6,9!Y-}v+egguUq]plY8My@!(.Q9g]C_dyahe_Zx!K?'y}5Ig!$BNy,+MB3~Y*?G~Ah8_5C}MBd@$xK(o09zh6`MQ(R{l,aP=7z70[AT9MABI({,J=WuylnAOV?34xJHfz?(+u-wad?0e&9%E!Luxt8XRTob_fH,I{8(Z=_&^1utaAby.bX73p8rbSi$X0e..p[V+2@fOV@F-nf0ls)yhmsZ]`L$A$?Qk2anN=CKd@My_H289H9mW{@KX%g5vJu7y]L1CP?T$id028`0I6H,PUK7f3@kH!TUL9s[t[C3,h`]lT?EJF$PimCc63j6qDn0?}8K'2@LrMX]QT(wJNxo}r=Aa1+{q^7]s%@'hq^'O4A-}$ldrqg8pLwL(Z*c*[?'8ZTpRVOFBy[K&H=HsY?D$Rz-=k%gS)uR}y6KQr8}{TV'JOMVMMkOqQ&~UM@v[@@StB[?a&,PX,iFM*?3D},350cKc~d4ZO,bq79rbveSUbkN4u'7?W&A3!=}IPYO,^%9R0)H5gnJbt?&aP^pI?z+.,0!}]4a3^97NiX,q))gOag+{VP_w*9G3Q?fJV.@PGS8o$t3oo97FwL*$$e~8VYV.u1uG]=c{r}UlZn~W+Bg_d@0909ta40fBxJwN-KC{C2*vdAOVt1eKP'Y947r*a5ZbO=$HMH,7*d.XnzL)u,Hdc?]a)EPrh`jb.[5%X5&s+?PS22)2-+.h6_6?FQmY'@qdd*i!qk'PrA]SLe.da=vV3%?$]&7'3P2drzji3AH[@ClJU7.u!BlV0Lfv~9(NetU}4xgcY[.'Z?5fe=p$$Yb2nRZWT5eA[fE5dAMbCr]yATI'Xv.ur?~hE=P!VBN-CjLjsh26&fuCD?lEVp^5krd1hNpir]'l-?*5?AZf&felFR!Ev$6=-?D1
    MSI (s) (18:D0) [14:21:15:845]: Executing op: ActionStart(Name=PublishProduct,Description=Publication en cours des informations sur le produit,)
    MSI (s) (18:D0) [14:21:15:845]: Executing op: CleanupConfigData()
    MSI (s) (18:D0) [14:21:15:845]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\89A6161325839E94DB6D771ABA5875A1\Patches 3: 2
    MSI (s) (18:D0) [14:21:15:845]: Executing op: RegisterPatchOrder(Continue=0,SequenceType=1,Remove=0)
    MSI (s) (18:D0) [14:21:15:845]: Note: 1: 1402 2: UNKNOWN\Products\89A6161325839E94DB6D771ABA5875A1\Patches 3: 2
    MSI (s) (18:D0) [14:21:15:845]: Executing op: ProductPublish(PackageKey={DA891FEE-A03E-4AE7-98FD-7F1E6F27DD3B})
    MSI (s) (18:D0) [14:21:15:845]: Note: 1: 1402 2: UNKNOWN\Installer\Products\89A6161325839E94DB6D771ABA5875A1 3: 2
    MSI (s) (18:D0) [14:21:15:845]: Note: 1: 1402 2: UNKNOWN\Installer\Products\89A6161325839E94DB6D771ABA5875A1 3: 2
    MSI (s) (18:D0) [14:21:15:845]: Note: 1: 1402 2: UNKNOWN\Installer\Products\89A6161325839E94DB6D771ABA5875A1 3: 2
    MSI (s) (18:D0) [14:21:15:845]: Note: 1: 1402 2: UNKNOWN\Installer\Products\89A6161325839E94DB6D771ABA5875A1 3: 2
    MSI (s) (18:D0) [14:21:15:845]: Note: 1: 1402 2: UNKNOWN\Installer\Products\89A6161325839E94DB6D771ABA5875A1 3: 2
    MSI (s) (18:D0) [14:21:15:845]: Note: 1: 1402 2: UNKNOWN\Installer\Products\89A6161325839E94DB6D771ABA5875A1 3: 2
    MSI (s) (18:D0) [14:21:15:845]: Note: 1: 1402 2: UNKNOWN\Installer\Products\89A6161325839E94DB6D771ABA5875A1 3: 2
    MSI (s) (18:D0) [14:21:15:845]: Note: 1: 1402 2: UNKNOWN\Installer\Products\89A6161325839E94DB6D771ABA5875A1 3: 2
    MSI (s) (18:D0) [14:21:15:845]: Note: 1: 1402 2: UNKNOWN\Installer\Products\89A6161325839E94DB6D771ABA5875A1 3: 2
    MSI (s) (18:D0) [14:21:15:845]: Note: 1: 1402 2: UNKNOWN\Installer\Products\89A6161325839E94DB6D771ABA5875A1 3: 2
    MSI (s) (18:D0) [14:21:15:845]: Note: 1: 1402 2: UNKNOWN\Installer\Products\89A6161325839E94DB6D771ABA5875A1 3: 2
    MSI (s) (18:D0) [14:21:15:845]: Executing op: UpgradeCodePublish(UpgradeCode={597B239E-3032-491A-A322-817737925E8A})
    MSI (s) (18:D0) [14:21:15:845]: Executing op: SourceListPublish(,,DiskPromptTemplate=[1],,NumberOfDisks=1)
    MSI (s) (18:D0) [14:21:15:845]: Note: 1: 1402 2: UNKNOWN\Installer\Products\89A6161325839E94DB6D771ABA5875A1\SourceList 3: 2
    MSI (s) (18:D0) [14:21:15:845]: Executing op: ProductPublishClient(,,)
    MSI (s) (18:D0) [14:21:15:845]: Executing op: SourceListRegisterLastUsed(SourceProduct={31616A98-3852-49E9-BDD6-77A1AB85571A},LastUsedSource=C:\ProgramData\Sophos\AutoUpdate\cache\savxp\)
    MSI (s) (18:D0) [14:21:15:845]: Entering CMsiConfigurationManager::SetLastUsedSource.
    MSI (s) (18:D0) [14:21:15:845]: Specifed source is already in a list.
    MSI (s) (18:D0) [14:21:15:845]: User policy value 'SearchOrder' is 'nmu'
    MSI (s) (18:D0) [14:21:15:845]: Adding new sources is allowed.
    MSI (s) (18:D0) [14:21:15:845]: Set LastUsedSource to: C:\ProgramData\Sophos\AutoUpdate\cache\savxp\.
    MSI (s) (18:D0) [14:21:15:845]: Set LastUsedType to: n.
    MSI (s) (18:D0) [14:21:15:845]: Set LastUsedIndex to: 1.
    MSI (s) (18:D0) [14:21:15:845]: Executing op: ActionStart(Name=RollbackRegisterTamperProtectionControlX64,,)
    MSI (s) (18:D0) [14:21:15:845]: Executing op: CustomActionSchedule(Action=RollbackRegisterTamperProtectionControlX64,ActionType=1378,Source=C:\windows\SysWOW64\,Target="C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\NATIVE.EXE" 37 REGSVR32.EXE /u /s "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\TamperProtectionControlX64.dll",)
    MSI (s) (18:D0) [14:21:15:845]: Executing op: ActionStart(Name=RollbackRegisterSavShellExtX64,,)
    MSI (s) (18:D0) [14:21:15:845]: Executing op: CustomActionSchedule(Action=RollbackRegisterSavShellExtX64,ActionType=1378,Source=C:\windows\SysWOW64\,Target="C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\NATIVE.EXE" 37 REGSVR32.EXE /u /s "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\SavShellExtX64.dll",)
    MSI (s) (18:D0) [14:21:15:845]: Executing op: ActionStart(Name=RollbackRegisterSophosOfficeAV,,)
    MSI (s) (18:D0) [14:21:15:845]: Executing op: CustomActionSchedule(Action=RollbackRegisterSophosOfficeAV,ActionType=1378,Source=C:\windows\SysWOW64\,Target=REGSVR32.EXE /u /s "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\SophosOfficeAV.dll",)
    MSI (s) (18:D0) [14:21:15:845]: Executing op: ActionStart(Name=RollbackRegisterSophosOfficeAVX64,,)
    MSI (s) (18:D0) [14:21:15:845]: Executing op: CustomActionSchedule(Action=RollbackRegisterSophosOfficeAVX64,ActionType=1378,Source=C:\windows\SysWOW64\,Target="C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\NATIVE.EXE" 37 REGSVR32.EXE /u /s "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\SophosOfficeAVx64.dll",)
    MSI (s) (18:D0) [14:21:15:845]: Executing op: ActionStart(Name=RegisterTamperProtectionControlX64,,)
    MSI (s) (18:D0) [14:21:15:845]: Executing op: CustomActionSchedule(Action=RegisterTamperProtectionControlX64,ActionType=1570,Source=C:\windows\SysWOW64\,Target="C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\NATIVE.EXE" 37 REGSVR32.EXE /s "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\TamperProtectionControlX64.dll",)
    MSI (s) (18:D0) [14:21:15:845]: Executing op: ActionStart(Name=RegisterSavShellExtX64,,)
    MSI (s) (18:D0) [14:21:15:845]: Executing op: CustomActionSchedule(Action=RegisterSavShellExtX64,ActionType=1570,Source=C:\windows\SysWOW64\,Target="C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\NATIVE.EXE" 37 REGSVR32.EXE /s "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\SavShellExtX64.dll",)
    MSI (s) (18:D0) [14:21:15:845]: Executing op: ActionStart(Name=RegisterSophosOfficeAV,,)
    MSI (s) (18:D0) [14:21:15:845]: Executing op: CustomActionSchedule(Action=RegisterSophosOfficeAV,ActionType=1570,Source=C:\windows\SysWOW64\,Target=REGSVR32.EXE /s "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\SophosOfficeAV.dll",)
    MSI (s) (18:D0) [14:21:15:845]: Executing op: ActionStart(Name=RegisterSophosOfficeAVX64,,)
    MSI (s) (18:D0) [14:21:15:845]: Executing op: CustomActionSchedule(Action=RegisterSophosOfficeAVX64,ActionType=1570,Source=C:\windows\SysWOW64\,Target="C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\NATIVE.EXE" 37 REGSVR32.EXE /s "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\SophosOfficeAVx64.dll",)
    MSI (s) (18:D0) [14:21:15:845]: Executing op: ActionStart(Name=RollbackInstallSecurityCenter,,)
    MSI (s) (18:D0) [14:21:15:845]: Executing op: CustomActionSchedule(Action=RollbackInstallSecurityCenter,ActionType=1281,Source=BinaryData,Target=UninstallSecurityCenter,CustomActionData=10.8.10.810;)
    MSI (s) (18:D0) [14:21:15:861]: Executing op: ActionStart(Name=RunPreLaunchScript,,)
    MSI (s) (18:D0) [14:21:15:861]: Executing op: CustomActionSchedule(Action=RunPreLaunchScript,ActionType=1025,Source=BinaryData,Target=RunPreLaunchScripts,CustomActionData="C:\Program Files (x86)\Sophos\Sophos Anti-Virus\""C:\ProgramData\Sophos\AutoUpdate\cache\savxp\""10.8.10.810")
    MSI (s) (18:04) [14:21:15:876]: Invoking remote custom action. DLL: C:\windows\Installer\MSI315D.tmp, Entrypoint: RunPreLaunchScripts
    MSI (s) (18:D0) [14:21:15:876]: Executing op: ActionStart(Name=RegisterDCIfEnabled,,)
    MSI (s) (18:D0) [14:21:15:892]: Executing op: CustomActionSchedule(Action=RegisterDCIfEnabled,ActionType=1537,Source=BinaryData,Target=RegisterDCIfEnabled,)
    MSI (s) (18:D0) [14:21:15:892]: Executing op: ActionStart(Name=StartSAVServices,,)
    MSI (s) (18:D0) [14:21:15:907]: Executing op: CustomActionSchedule(Action=StartSAVServices,ActionType=1537,Source=BinaryData,Target=StartSAVServices,)
    MSI (s) (18:D0) [14:21:15:923]: Executing op: ActionStart(Name=CopySwiFcRollback.11DACB83_28A7_4FA6_AF5B_C006E340C101,,)
    MSI (s) (18:D0) [14:21:15:923]: Executing op: CustomActionSchedule(Action=CopySwiFcRollback.11DACB83_28A7_4FA6_AF5B_C006E340C101,ActionType=3073,Source=BinaryData,Target=RenameAndMarkForDelete,CustomActionData=C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_fc.exe)
    MSI (s) (18:64) [14:21:15:923]: Invoking remote custom action. DLL: C:\windows\Installer\MSI319D.tmp, Entrypoint: RenameAndMarkForDelete
    MSI (s) (18:D0) [14:21:15:923]: Executing op: ActionStart(Name=CopySwiFcToProgramData.11DACB83_28A7_4FA6_AF5B_C006E340C101,,)
    MSI (s) (18:D0) [14:21:15:923]: Executing op: CustomActionSchedule(Action=CopySwiFcToProgramData.11DACB83_28A7_4FA6_AF5B_C006E340C101,ActionType=3073,Source=BinaryData,Target=CopyToShadowDir,CustomActionData=C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_fc.exe)
    MSI (s) (18:10) [14:21:15:923]: Invoking remote custom action. DLL: C:\windows\Installer\MSI319E.tmp, Entrypoint: CopyToShadowDir
    MSI (s) (18:D0) [14:21:15:939]: Executing op: ActionStart(Name=CopyScfDotDatToProgramData.11DACB83_28A7_4FA6_AF5B_C006E340C101,,)
    CopyToShadowDir: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_fc.exe has been copied to C:\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_fc.exe
    MSI (s) (18:D0) [14:21:15:939]: Executing op: CustomActionSchedule(Action=CopyScfDotDatToProgramData.11DACB83_28A7_4FA6_AF5B_C006E340C101,ActionType=3073,Source=BinaryData,Target=CopyToShadowDir,CustomActionData=C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\scf.dat)
    MSI (s) (18:E0) [14:21:15:939]: Invoking remote custom action. DLL: C:\windows\Installer\MSI31AE.tmp, Entrypoint: CopyToShadowDir
    MSI (s) (18:D0) [14:21:15:939]: Executing op: ActionStart(Name=SwiServiceRollback.11DACB83_28A7_4FA6_AF5B_C006E340C101,,)
    CopyToShadowDir: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\scf.dat has been copied to C:\Program Files (x86)\Common Files\Sophos\Web Intelligence\scf.dat
    MSI (s) (18:D0) [14:21:15:954]: Executing op: CustomActionSchedule(Action=SwiServiceRollback.11DACB83_28A7_4FA6_AF5B_C006E340C101,ActionType=3393,Source=BinaryData,Target=UninstallService,CustomActionData=swi_service)
    MSI (s) (18:D0) [14:21:15:954]: Executing op: ActionStart(Name=SwiServiceRegister.11DACB83_28A7_4FA6_AF5B_C006E340C101,,)
    MSI (s) (18:D0) [14:21:15:954]: Executing op: CustomActionSchedule(Action=SwiServiceRegister.11DACB83_28A7_4FA6_AF5B_C006E340C101,ActionType=3585,Source=BinaryData,Target=CAQuietExec,CustomActionData="C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe" /registerService)
    MSI (s) (18:D0) [14:21:15:954]: Executing op: ActionStart(Name=SwiCalloutRollback.11DACB83_28A7_4FA6_AF5B_C006E340C101,,)
    MSI (s) (18:D0) [14:21:15:954]: Executing op: CustomActionSchedule(Action=SwiCalloutRollback.11DACB83_28A7_4FA6_AF5B_C006E340C101,ActionType=3393,Source=BinaryData,Target=CAQuietExec,CustomActionData="C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_di.exe" -r "C:\windows\TEMP\SwiRebootRequired.txt" /u "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_callout.inf")
    MSI (s) (18:D0) [14:21:15:954]: Executing op: ActionStart(Name=SwiCalloutInstall.11DACB83_28A7_4FA6_AF5B_C006E340C101,,)
    MSI (s) (18:D0) [14:21:15:954]: Executing op: CustomActionSchedule(Action=SwiCalloutInstall.11DACB83_28A7_4FA6_AF5B_C006E340C101,ActionType=3073,Source=BinaryData,Target=CAQuietExec,CustomActionData="C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_di.exe" -r "C:\windows\TEMP\SwiRebootRequired.txt" "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_callout.inf")
    MSI (s) (18:44) [14:21:15:954]: Invoking remote custom action. DLL: C:\windows\Installer\MSI31BF.tmp, Entrypoint: CAQuietExec
    CAQuietExec: driverInstaller
    CAQuietExec:
    CAQuietExec: Installation error: The driver package is not signed.
    CAQuietExec: error:1
    CAQuietExec: Error 0x80070001: Command line returned an error.
    CAQuietExec: Error 0x80070001: CAQuietExec Failed
    CustomAction SwiCalloutInstall.11DACB83_28A7_4FA6_AF5B_C006E340C101 returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
    MSI (s) (18:D0) [14:21:16:048]: Note: 1: 2265 2: 3: -2147287035
    MSI (s) (18:D0) [14:21:16:048]: User policy value 'DisableRollback' is 0
    MSI (s) (18:D0) [14:21:16:048]: Machine policy value 'DisableRollback' is 0
    Fin de l'action 14:21:16 : InstallFinalize. Valeur renvoyée 3.

    MSI (s) (18:D0) [14:21:22:170]: Executing op: ActionStart(Name=RunErrorScript,,)
    MSI (s) (18:D0) [14:21:22:170]: Executing op: CustomActionRollback(Action=RunErrorScript,ActionType=1345,Source=BinaryData,Target=RunErrorScripts,CustomActionData="C:\Program Files (x86)\Sophos\Sophos Anti-Virus\""C:\ProgramData\Sophos\AutoUpdate\cache\savxp\""10.8.10.810")
    MSI (s) (18:04) [14:21:22:186]: Invoking remote custom action. DLL: C:\windows\Installer\MSI4A0D.tmp, Entrypoint: RunErrorScripts
    MSI (s) (18:D0) [14:21:22:202]: Executing op: ActionStart(Name=CheckRegForNullDACLs,,)
    MSI (s) (18:D0) [14:21:22:202]: Executing op: ActionStart(Name=RestoreMovedFiles,,)
    MSI (s) (18:D0) [14:21:22:202]: Executing op: CustomActionRollback(Action=RestoreMovedFiles,ActionType=1281,Source=BinaryData,Target=RestoreMovedFiles,CustomActionData=C:\Program Files (x86)\Sophos\Sophos Anti-Virus\)
    MSI (s) (18:64) [14:21:22:202]: Invoking remote custom action. DLL: C:\windows\Installer\MSI4A2D.tmp, Entrypoint: RestoreMovedFiles
    MSI (s) (18:D0) [14:21:22:217]: Executing op: ActionStart(Name=SetUpdateFailed,,)
    MSI (s) (18:D0) [14:21:22:217]: Executing op: CustomActionRollback(Action=SetUpdateFailed,ActionType=1281,Source=BinaryData,Target=SetUpdateFailed,)
    MSI (s) (18:10) [14:21:22:217]: Invoking remote custom action. DLL: C:\windows\Installer\MSI4A3E.tmp, Entrypoint: SetUpdateFailed
    MSI (s) (18:D0) [14:21:22:233]: Executing op: End(Checksum=0,ProgressTotalHDWord=0,ProgressTotalLDWord=0)
    MSI (s) (18:D0) [14:21:22:233]: Error in rollback skipped. Return: 5
    MSI (s) (18:D0) [14:21:22:233]: Note: 1: 2318 2:
    MSI (s) (18:D0) [14:21:22:249]: Note: 1: 2318 2:
    MSI (s) (18:D0) [14:21:22:249]: No System Restore sequence number for this installation.
    MSI (s) (18:D0) [14:21:22:249]: Unlocking Server
    MSI (s) (18:D0) [14:21:22:249]: PROPERTY CHANGE: Deleting UpdateStarted property. Its current value is '1'.
    Fin de l'action 14:21:22 : INSTALL. Valeur renvoyée 3.

  • 0 in reply to daunay olivier

    Hello daunay olivier,

    thanks.
    Installation of Web Intelligence (SwiCalloutInstall) fails with: The driver package is not signed.
    Refers to the stuff in %ProgramFiles(x86)%\Sophos\Sophos Anti-Virus\Web Intelligence\. AFAIK the message is issued by swi-di.exe. Is it possible that the server has an issue with the root certificates?

    Christian

  • 0 in reply to QC

    Thanks

    it seems there is no issue with the root certificates

    I can acces correctly to the certificate with MMC

    how can I verify if there is a certificate error

  • 0 in reply to daunay olivier

    Hello daunay olivier,

    not sure this is actually the cause. I also don't know if and where an associated Windows Event is recorded. 
    Even though the Program folder has been removed by the rollback you can check the Digital Signatures of swi_callout.sys and swi_callout.cat in %ProgramData%\Sophos\AutoUpdate\Cache\savxp\program files\Sophos\Sophos Anti-Virus\Web Intelligence\x64. Note the No signature was present in the subject for the .cat's sha256 signature is expected.

    Christian

  • 0 in reply to QC

    hello Christian

    I checked the Digital Signatures of swi_callout.sys and swi_callout.cat in %ProgramData%\Sophos\AutoUpdate\Cache\savxp\program files\Sophos\Sophos Anti-Virus\Web Intelligence\x64

    I found no difference between these and the sames on an other computer without the error

    Olivier

  • 0 in reply to daunay olivier

    Hello Olivier,

    this is somewhat strange considering that it works on all other machines.
    I don't think that swi_di.exe (that should install the driver) can spit out more information than it already does, namely saying The driver package is not signed,

    The only thing, apart from engaging Support, that comes to my mind is signtool.exe verify /v /kp from the Windows SDK.

    Christian

  • 0 in reply to QC

    indeed,

    there is an error that I cannot find on a functional installation
    do you have an idea ?

    Verifying: swi_callout.cat

    Signature Index: 0 (Primary Signature)
    Hash of file (sha1): 603B1674E37B3E0B23F71C32D5CFDF32E2195DE9

    Signing Certificate Chain:
        Issued to: Microsoft Code Verification Root
        Issued by: Microsoft Code Verification Root
        Expires:   Sat Nov 01 15:54:03 2025
        SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3

            Issued to: Class 3 Public Primary Certification Authority
            Issued by: Microsoft Code Verification Root
            Expires:   Mon May 23 19:11:29 2016
            SHA1 hash: 58455389CF1D0CD6A08E3CE216F65ADFF7A86408

                Issued to: VeriSign Class 3 Public Primary Certification Authority - G5
                Issued by: Class 3 Public Primary Certification Authority
                Expires:   Mon Nov 08 01:59:59 2021
                SHA1 hash: 32F30882622B87CF8856C63DB873DF0853B4DD27

                    Issued to: VeriSign Class 3 Code Signing 2010 CA
                    Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
                    Expires:   Sat Feb 08 01:59:59 2020
                    SHA1 hash: 495847A93187CFB8C71F840CB7B41497AD95C64F

                        Issued to: Sophos Limited
                        Issued by: VeriSign Class 3 Code Signing 2010 CA
                        Expires:   Fri Dec 23 01:59:59 2016
                        SHA1 hash: EC510F6AEFCC5EC44CFD4C7D4A1079BA71CC45E4

    The signature is timestamped: Fri May 20 11:18:30 2016
    Timestamp Verified by:
        Issued to: Thawte Timestamping CA
        Issued by: Thawte Timestamping CA
        Expires:   Fri Jan 01 01:59:59 2021
        SHA1 hash: BE36A4562FB2EE05DBB3D32323ADF445084ED656

            Issued to: Symantec Time Stamping Services CA - G2
            Issued by: Thawte Timestamping CA
            Expires:   Thu Dec 31 01:59:59 2020
            SHA1 hash: 6C07453FFDDA08B83707C09B82FB3D15F35336B1

                Issued to: Symantec Time Stamping Services Signer - G4
                Issued by: Symantec Time Stamping Services CA - G2
                Expires:   Wed Dec 30 01:59:59 2020
                SHA1 hash: 65439929B67973EB192D6FF243E6767ADF0834E4

    SignTool Error: A certificate chain processed, but terminated in a root
            certificate which is not trusted by the trust provider.

    Number of files successfully Verified: 0
    Number of warnings: 0
    Number of errors: 5

    with a good computer:

    Verifying: swi_callout.cat

    Signature Index: 0 (Primary Signature)
    Hash of file (sha1): 603B1674E37B3E0B23F71C32D5CFDF32E2195DE9

    Signing Certificate Chain:
        Issued to: VeriSign Class 3 Public Primary Certification Authority - G5
        Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
        Expires:   Thu Jul 17 01:59:59 2036
        SHA1 hash: 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5

            Issued to: VeriSign Class 3 Code Signing 2010 CA
            Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
            Expires:   Sat Feb 08 01:59:59 2020
            SHA1 hash: 495847A93187CFB8C71F840CB7B41497AD95C64F

                Issued to: Sophos Limited
                Issued by: VeriSign Class 3 Code Signing 2010 CA
                Expires:   Fri Dec 23 01:59:59 2016
                SHA1 hash: EC510F6AEFCC5EC44CFD4C7D4A1079BA71CC45E4

    The signature is timestamped: Fri May 20 11:18:30 2016
    Timestamp Verified by:
        Issued to: Thawte Timestamping CA
        Issued by: Thawte Timestamping CA
        Expires:   Fri Jan 01 01:59:59 2021
        SHA1 hash: BE36A4562FB2EE05DBB3D32323ADF445084ED656

            Issued to: Symantec Time Stamping Services CA - G2
            Issued by: Thawte Timestamping CA
            Expires:   Thu Dec 31 01:59:59 2020
            SHA1 hash: 6C07453FFDDA08B83707C09B82FB3D15F35336B1

                Issued to: Symantec Time Stamping Services Signer - G4
                Issued by: Symantec Time Stamping Services CA - G2
                Expires:   Wed Dec 30 01:59:59 2020
                SHA1 hash: 65439929B67973EB192D6FF243E6767ADF0834E4

    Cross Certificate Chain:
        Issued to: Microsoft Code Verification Root
        Issued by: Microsoft Code Verification Root
        Expires:   Sat Nov 01 15:54:03 2025
        SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3

            Issued to: Class 3 Public Primary Certification Authority
            Issued by: Microsoft Code Verification Root
            Expires:   Mon May 23 19:11:29 2016
            SHA1 hash: 58455389CF1D0CD6A08E3CE216F65ADFF7A86408

                Issued to: VeriSign Class 3 Public Primary Certification Authority - G5
                Issued by: Class 3 Public Primary Certification Authority
                Expires:   Mon Nov 08 01:59:59 2021
                SHA1 hash: 32F30882622B87CF8856C63DB873DF0853B4DD27

                    Issued to: VeriSign Class 3 Code Signing 2010 CA
                    Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
                    Expires:   Sat Feb 08 01:59:59 2020
                    SHA1 hash: 495847A93187CFB8C71F840CB7B41497AD95C64F

                        Issued to: Sophos Limited
                        Issued by: VeriSign Class 3 Code Signing 2010 CA
                        Expires:   Fri Dec 23 01:59:59 2016
                        SHA1 hash: EC510F6AEFCC5EC44CFD4C7D4A1079BA71CC45E4


    Successfully verified: swi_callout.cat

    Number of files successfully Verified: 1
    Number of warnings: 0
    Number of errors: 0

  • 0 in reply to daunay olivier

    Hello Olivier,

    I think it's this one:

                Issued to: VeriSign Class 3 Public Primary Certification Authority - G5
                Issued by: Class 3 Public Primary Certification Authority
                Expires:   Mon Nov 08 01:59:59 2021
                SHA1 hash: 32F30882622B87CF8856C63DB873DF0853B4DD27

    whereas the good one is:

        Issued to: VeriSign Class 3 Public Primary Certification Authority - G5
        Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
        Expires:   Thu Jul 17 01:59:59 2036
        SHA1 hash: 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5

    The (newer) Verisign Class 3 Public Primary should be under Trusted Root in certmgr.msc

    Christian

  • 0 in reply to QC
    I continued on the certificate trail and found a difference in local security policies
     
    OK by modifying local security strategies

    Computer configuration / Windows settings / Security settings / public key policy

    in the "Store" tab: modification of "Main certificate stores"
    check the box next to "Third-party and enterprise root certification authorities (recommended)

    and it works !!

    the misconfiguration was "only enterprise root certification authorities"
     
    thanks a lot for your help

     

Reply
  • 0 in reply to QC
    I continued on the certificate trail and found a difference in local security policies
     
    OK by modifying local security strategies

    Computer configuration / Windows settings / Security settings / public key policy

    in the "Store" tab: modification of "Main certificate stores"
    check the box next to "Third-party and enterprise root certification authorities (recommended)

    and it works !!

    the misconfiguration was "only enterprise root certification authorities"
     
    thanks a lot for your help

     

Children
No Data
Unfiltered HTML