Problem on reinstalling antivirus on computer

I have a problem with a computer (Win2016) on which I deleted all Sophos components, rebooted, and reinstalled from the share of the new server.

All components are downloaded correctly from the server, but the antivirus part cannot be installed.

I've tested all solutions (manual uninstall and SophosZap, cleaning the registry, cleaning c:\programdata, Program Files and x86).

I've tested "Sophos Endpoint Defense: How to recover a tamper protected system".

ALWAYS the same message in the log:

2021-04-20 11:47:15 ERROR: Installation failed
2021-04-20 11:47:15 Info: SetupPlugin: Unable to open Application registry key to get Install Path.
2021-04-20 11:47:15 ERROR: Failed to get current install location to register with tamper protection. Error 0x80070002
2021-04-20 11:47:15 ERROR: Failed to update the major update counters (The result of the last run has not been set)

Please help me. 

 Thanks



  • Hello Olivier,

    This is somewhat strange considering that it works on all other machines.
    I don't think that swi_di.exe (that should install the driver) can spit out more information than it already does, namely saying "The driver package is not signed".

    The only thing, apart from engaging Support, that comes to my mind is signtool.exe verify /v /kp from the Windows SDK.

    Christian

  • Indeed,

    there is an error that I cannot find on a functional installation.
    Do you have an idea?

    Verifying: swi_callout.cat

    Signature Index: 0 (Primary Signature)
    Hash of file (sha1): 603B1674E37B3E0B23F71C32D5CFDF32E2195DE9

    Signing Certificate Chain:
        Issued to: Microsoft Code Verification Root
        Issued by: Microsoft Code Verification Root
        Expires:   Sat Nov 01 15:54:03 2025
        SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3

            Issued to: Class 3 Public Primary Certification Authority
            Issued by: Microsoft Code Verification Root
            Expires:   Mon May 23 19:11:29 2016
            SHA1 hash: 58455389CF1D0CD6A08E3CE216F65ADFF7A86408

                Issued to: VeriSign Class 3 Public Primary Certification Authority - G5
                Issued by: Class 3 Public Primary Certification Authority
                Expires:   Mon Nov 08 01:59:59 2021
                SHA1 hash: 32F30882622B87CF8856C63DB873DF0853B4DD27

                    Issued to: VeriSign Class 3 Code Signing 2010 CA
                    Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
                    Expires:   Sat Feb 08 01:59:59 2020
                    SHA1 hash: 495847A93187CFB8C71F840CB7B41497AD95C64F

                        Issued to: Sophos Limited
                        Issued by: VeriSign Class 3 Code Signing 2010 CA
                        Expires:   Fri Dec 23 01:59:59 2016
                        SHA1 hash: EC510F6AEFCC5EC44CFD4C7D4A1079BA71CC45E4

    The signature is timestamped: Fri May 20 11:18:30 2016
    Timestamp Verified by:
        Issued to: Thawte Timestamping CA
        Issued by: Thawte Timestamping CA
        Expires:   Fri Jan 01 01:59:59 2021
        SHA1 hash: BE36A4562FB2EE05DBB3D32323ADF445084ED656

            Issued to: Symantec Time Stamping Services CA - G2
            Issued by: Thawte Timestamping CA
            Expires:   Thu Dec 31 01:59:59 2020
            SHA1 hash: 6C07453FFDDA08B83707C09B82FB3D15F35336B1

                Issued to: Symantec Time Stamping Services Signer - G4
                Issued by: Symantec Time Stamping Services CA - G2
                Expires:   Wed Dec 30 01:59:59 2020
                SHA1 hash: 65439929B67973EB192D6FF243E6767ADF0834E4

    SignTool Error: A certificate chain processed, but terminated in a root
            certificate which is not trusted by the trust provider.

    Number of files successfully Verified: 0
    Number of warnings: 0
    Number of errors: 5

    With a good computer:

    Verifying: swi_callout.cat

    Signature Index: 0 (Primary Signature)
    Hash of file (sha1): 603B1674E37B3E0B23F71C32D5CFDF32E2195DE9

    Signing Certificate Chain:
        Issued to: VeriSign Class 3 Public Primary Certification Authority - G5
        Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
        Expires:   Thu Jul 17 01:59:59 2036
        SHA1 hash: 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5

            Issued to: VeriSign Class 3 Code Signing 2010 CA
            Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
            Expires:   Sat Feb 08 01:59:59 2020
            SHA1 hash: 495847A93187CFB8C71F840CB7B41497AD95C64F

                Issued to: Sophos Limited
                Issued by: VeriSign Class 3 Code Signing 2010 CA
                Expires:   Fri Dec 23 01:59:59 2016
                SHA1 hash: EC510F6AEFCC5EC44CFD4C7D4A1079BA71CC45E4

    The signature is timestamped: Fri May 20 11:18:30 2016
    Timestamp Verified by:
        Issued to: Thawte Timestamping CA
        Issued by: Thawte Timestamping CA
        Expires:   Fri Jan 01 01:59:59 2021
        SHA1 hash: BE36A4562FB2EE05DBB3D32323ADF445084ED656

            Issued to: Symantec Time Stamping Services CA - G2
            Issued by: Thawte Timestamping CA
            Expires:   Thu Dec 31 01:59:59 2020
            SHA1 hash: 6C07453FFDDA08B83707C09B82FB3D15F35336B1

                Issued to: Symantec Time Stamping Services Signer - G4
                Issued by: Symantec Time Stamping Services CA - G2
                Expires:   Wed Dec 30 01:59:59 2020
                SHA1 hash: 65439929B67973EB192D6FF243E6767ADF0834E4

    Cross Certificate Chain:
        Issued to: Microsoft Code Verification Root
        Issued by: Microsoft Code Verification Root
        Expires:   Sat Nov 01 15:54:03 2025
        SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3

            Issued to: Class 3 Public Primary Certification Authority
            Issued by: Microsoft Code Verification Root
            Expires:   Mon May 23 19:11:29 2016
            SHA1 hash: 58455389CF1D0CD6A08E3CE216F65ADFF7A86408

                Issued to: VeriSign Class 3 Public Primary Certification Authority - G5
                Issued by: Class 3 Public Primary Certification Authority
                Expires:   Mon Nov 08 01:59:59 2021
                SHA1 hash: 32F30882622B87CF8856C63DB873DF0853B4DD27

                    Issued to: VeriSign Class 3 Code Signing 2010 CA
                    Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
                    Expires:   Sat Feb 08 01:59:59 2020
                    SHA1 hash: 495847A93187CFB8C71F840CB7B41497AD95C64F

                        Issued to: Sophos Limited
                        Issued by: VeriSign Class 3 Code Signing 2010 CA
                        Expires:   Fri Dec 23 01:59:59 2016
                        SHA1 hash: EC510F6AEFCC5EC44CFD4C7D4A1079BA71CC45E4


    Successfully verified: swi_callout.cat

    Number of files successfully Verified: 1
    Number of warnings: 0
    Number of errors: 0

  • Hello Olivier,

    I think it's this one:

                Issued to: VeriSign Class 3 Public Primary Certification Authority - G5
                Issued by: Class 3 Public Primary Certification Authority
                Expires:   Mon Nov 08 01:59:59 2021
                SHA1 hash: 32F30882622B87CF8856C63DB873DF0853B4DD27

    whereas the good one is:

        Issued to: VeriSign Class 3 Public Primary Certification Authority - G5
        Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
        Expires:   Thu Jul 17 01:59:59 2036
        SHA1 hash: 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5

    The (newer) Verisign Class 3 Public Primary should be under Trusted Root in certmgr.msc.

    Christian

  • I continued on the certificate trail and found a difference in the local security policies.

    It is OK after modifying the local security policies:

    Computer Configuration / Windows Settings / Security Settings / Public Key Policy

    In the "Store" tab: modification of "Main certificate stores":
    check the box next to "Third-party and enterprise root certification authorities (recommended)"

    and it works!!

    The misconfiguration was "only enterprise root certification authorities".
     
    thanks a lot for your help
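
Added example (not part of the original thread, and not Sophos or Microsoft code): a small Python parser for the signtool verbose output format quoted above. It extracts the signing chain from the failing and the working machine and reports any subject that appears in both under different SHA1 thumbprints. The sample inputs are constructed, abridged excerpts of the outputs posted in the thread, and the function names are hypothetical.

```python
import re

# Constructed, abridged excerpts of the thread's signtool outputs (Expires lines omitted).
BAD = """Signing Certificate Chain:
    Issued to: Microsoft Code Verification Root
    Issued by: Microsoft Code Verification Root
    SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3
        Issued to: Class 3 Public Primary Certification Authority
        Issued by: Microsoft Code Verification Root
        SHA1 hash: 58455389CF1D0CD6A08E3CE216F65ADFF7A86408
            Issued to: VeriSign Class 3 Public Primary Certification Authority - G5
            Issued by: Class 3 Public Primary Certification Authority
            SHA1 hash: 32F30882622B87CF8856C63DB873DF0853B4DD27
"""
GOOD = """Signing Certificate Chain:
    Issued to: VeriSign Class 3 Public Primary Certification Authority - G5
    Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
    SHA1 hash: 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Timestamp Verified by:
    Issued to: Thawte Timestamping CA
    Issued by: Thawte Timestamping CA
    SHA1 hash: BE36A4562FB2EE05DBB3D32323ADF445084ED656
"""

HEADERS = {"Signing Certificate Chain:", "Timestamp Verified by:", "Cross Certificate Chain:"}
FIELD = re.compile(r"^\s*(Issued to|Issued by|SHA1 hash):\s*(.+?)\s*$")

def signing_chain(text):
    """Parse only the 'Signing Certificate Chain' section; topmost certificate first."""
    chain, inside = [], False
    for line in text.splitlines():
        if line.strip() in HEADERS:
            # Timestamp and cross-certificate sections are skipped.
            inside = line.strip() == "Signing Certificate Chain:"
            continue
        m = FIELD.match(line)
        if not (inside and m):
            continue
        if m.group(1) == "Issued to":   # each certificate entry starts with this field
            chain.append({})
        if chain:
            chain[-1][m.group(1)] = m.group(2)
    return chain

def reissued_subjects(bad, good):
    """Subjects present in both chains under different thumbprints: (subject, bad, good)."""
    ref = {c["Issued to"]: c["SHA1 hash"] for c in signing_chain(good)}
    return [(c["Issued to"], c["SHA1 hash"], ref[c["Issued to"]])
            for c in signing_chain(bad)
            if ref.get(c["Issued to"], c["SHA1 hash"]) != c["SHA1 hash"]]
```

Run against the two excerpts, reissued_subjects(BAD, GOOD) returns the VeriSign G5 entry with both thumbprints, the same pair of certificates Christian singles out above.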