Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 1 subscriber
  • Views 9146 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Uninstall Issue

disco_samurai

Good Morning

At my workplace we use Sophos Endpoint Security and Control v9.5 and I'm having an issue on one of the machines its installed on I wonder if anyone can suggest anything to assist me?

The PC in question had Sophos installed (via a network share) but upon first install when it does its initial update (the 3 stage update) the update window would close once it got to 'Installing Package 1 of..

Now I assumed that I had mistyped the admin password/ID so I went to uninstall it.  However when I try and uninstall Sophos it asks for a 'Sophos Anti-Virus.msi' file.  I browsed to this file on the network server but the uninstaller would not accept this MSI (I've seen a few threads on Google with this issue with no successful resolutions).

I have tried reinstalling Sophos again (same thing happened) and I've tried absolutely everything to remove Sophos, I've manually cleared the registry, manually deleted the files, logged onto safemode to try and remove it I even reinstalled the Windows Installer (http://www.microsoft.com/downloads/en/details.aspx?FamilyID=5a58b56f-60b6-4412-95b9-54d056d6f9f4&displaylang=en_) as it was suggested as a way to get round this issue on the net.  Nothing seems to work.

Any suggestions?

Cheers

Neal

:8433


This thread was automatically locked due to age.
Parents
  • 0

    Hi Jak

    Logs as requested.

    MSI

    MSI (s) (BC:88) [15:59:55:015]: Executing op: ProductInfo(ProductKey={9ACB414D-9347-40B6-A453-5EFB2DB59DFA},ProductName=Sophos Anti-Virus,PackageName=Sophos Anti-Virus.msi,Language=1033,Version=151322629,Assignment=1,ObsoleteArg=0,ProductIcon=ARPPRODUCTICON.exe,,PackageCode={2DC4E77B-EA6D-433D-917D-8EAE06446005},,,InstanceType=0,LUASetting=0,RemoteURTInstalls=0)
    MSI (s) (BC:88) [15:59:55:015]: Executing op: DialogInfo(Type=0,Argument=1033)
    MSI (s) (BC:88) [15:59:55:015]: Executing op: DialogInfo(Type=1,Argument=Sophos Anti-Virus)
    MSI (s) (BC:88) [15:59:55:015]: Executing op: RollbackInfo(,RollbackAction=Rollback,RollbackDescription=Rolling back action:,RollbackTemplate=[1],CleanupAction=RollbackCleanup,CleanupDescription=Removing backup files,CleanupTemplate=File: [1])
    MSI (s) (BC:88) [15:59:55:015]: Executing op: SetBaseline(Baseline=0,)
    MSI (s) (BC:88) [15:59:55:015]: Executing op: SetBaseline(Baseline=1,)
    MSI (s) (BC:88) [15:59:55:015]: Executing op: ActionStart(Name=SetUpdateFailed,,)
    MSI (s) (BC:88) [15:59:55:015]: Executing op: CustomActionSchedule(Action=SetUpdateFailed,ActionType=1281,Source=BinaryData,Target=SetUpdateFailed,)
    MSI (s) (BC:88) [15:59:55:015]: Executing op: ActionStart(Name=RestoreMovedFiles,,)
    MSI (s) (BC:88) [15:59:55:015]: Executing op: CustomActionSchedule(Action=RestoreMovedFiles,ActionType=1281,Source=BinaryData,Target=RestoreMovedFiles,CustomActionData=C:\Program Files\Sophos\Sophos Anti-Virus\)
    MSI (s) (BC:88) [15:59:55:031]: Executing op: ActionStart(Name=CheckRegForNullDACLs,,)
    MSI (s) (BC:88) [15:59:55:031]: Executing op: CustomActionSchedule(Action=CheckRegForNullDACLs,ActionType=1025,Source=BinaryData,Target=CheckRegForNullDACLs,)
    MSI (s) (BC:CC) [15:59:55:031]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI2C6.tmp, Entrypoint: CheckRegForNullDACLs
    MSI (s) (BC:88) [15:59:55:359]: Executing op: ActionStart(Name=RunErrorScript,,)
    MSI (s) (BC:88) [15:59:55:359]: Executing op: CustomActionSchedule(Action=RunErrorScript,ActionType=1345,Source=BinaryData,Target=RunErrorScripts,CustomActionData="C:\Program Files\Sophos\Sophos Anti-Virus\""C:\Program Files\Sophos\AutoUpdate\cache\savxp\""9.5.5")
    MSI (s) (BC:88) [15:59:55:375]: Executing op: ActionStart(Name=SetUpdateBegin,,)
    MSI (s) (BC:88) [15:59:55:375]: Executing op: CustomActionSchedule(Action=SetUpdateBegin,ActionType=1025,Source=BinaryData,Target=SetUpdateBegin,)
    MSI (s) (BC:C8) [15:59:55:390]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI2C7.tmp, Entrypoint: SetUpdateBegin
    MSI (s) (BC:88) [15:59:56:515]: Executing op: ActionStart(Name=CloseSavMainWindow,,)
    MSI (s) (BC:88) [15:59:56:515]: Executing op: CustomActionSchedule(Action=CloseSavMainWindow,ActionType=1025,Source=BinaryData,Target=CloseSavMainWindow,)
    MSI (s) (BC:5C) [15:59:56:531]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI2C8.tmp, Entrypoint: CloseSavMainWindow
    MSI (s) (BC:88) [15:59:57:015]: Executing op: ActionStart(Name=SwiService_dereg.11DACB83_28A7_4FA6_AF5B_C006E340C101,,)
    MSI (s) (BC:88) [15:59:57:015]: Executing op: CustomActionSchedule(Action=SwiService_dereg.11DACB83_28A7_4FA6_AF5B_C006E340C101,ActionType=1058,Source=C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\,Target="C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe" /unregisterService,)
    MSI (s) (BC:88) [16:00:12:046]: Executing op: ActionStart(Name=WaitForSAVService,,)
    MSI (s) (BC:88) [16:00:12:046]: Executing op: CustomActionSchedule(Action=WaitForSAVService,ActionType=1025,Source=BinaryData,Target=WaitForSAVService,)
    MSI (s) (BC:40) [16:00:12:062]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI2C9.tmp, Entrypoint: WaitForSAVService
    MSI (s) (BC:88) [16:00:42:109]: Executing op: ActionStart(Name=RemoveODBC,Description=Removing ODBC components,)
    MSI (s) (BC:88) [16:00:42:109]: Executing op: ODBCDriverManager(,BinaryType=0)
    MSI (s) (BC:88) [16:00:42:109]: Executing op: ODBCDriverManager(,BinaryType=1)
    MSI (s) (BC:88) [16:00:42:109]: Executing op: ActionStart(Name=CheckUninstallDrivers,,)
    MSI (s) (BC:88) [16:00:42:109]: Executing op: CustomActionSchedule(Action=CheckUninstallDrivers,ActionType=1025,Source=BinaryData,Target=CheckUninstallDrivers,)
    MSI (s) (BC:70) [16:00:42:125]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI2CA.tmp, Entrypoint: CheckUninstallDrivers
    MSI (s) (BC:88) [16:00:42:156]: Executing op: ActionStart(Name=DeleteIDEs,,)
    MSI (s) (BC:88) [16:00:42:156]: Executing op: CustomActionSchedule(Action=DeleteIDEs,ActionType=1025,Source=BinaryData,Target=DeleteIDEs,CustomActionData=C:\Program Files\Sophos\Sophos Anti-Virus\)
    MSI (s) (BC:A8) [16:00:42:171]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI2CB.tmp, Entrypoint: DeleteIDEs
    MSI (s) (BC:88) [16:00:42:265]: Executing op: ActionStart(Name=DeleteBDLs,,)
    MSI (s) (BC:88) [16:00:42:265]: Executing op: CustomActionSchedule(Action=DeleteBDLs,ActionType=1025,Source=BinaryData,Target=DeleteBDLs,CustomActionData=C:\Program Files\Sophos\Sophos Anti-Virus\)
    MSI (s) (BC:FC) [16:00:42:281]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI2CC.tmp, Entrypoint: DeleteBDLs
    MSI (s) (BC:88) [16:00:42:312]: Executing op: ActionStart(Name=DeleteHIPSConfig,,)
    MSI (s) (BC:88) [16:00:42:312]: Executing op: CustomActionSchedule(Action=DeleteHIPSConfig,ActionType=1025,Source=BinaryData,Target=DeleteHIPSConfig,CustomActionData=C:\Program Files\Sophos\Sophos Anti-Virus\)
    MSI (s) (BC:8C) [16:00:42:343]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI2CD.tmp, Entrypoint: DeleteHIPSConfig
    MSI (s) (BC:88) [16:00:42:375]: Executing op: ActionStart(Name=RemoveFilesOnUpgrade,,)
    MSI (s) (BC:88) [16:00:42:375]: Executing op: CustomActionSchedule(Action=RemoveFilesOnUpgrade,ActionType=1025,Source=BinaryData,Target=RemoveFilesOnUpgrade,CustomActionData=C:\Program Files\Sophos\Sophos Anti-Virus\)
    MSI (s) (BC:50) [16:00:42:390]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI2CE.tmp, Entrypoint: RemoveFilesOnUpgrade
    MSI (s) (BC:88) [16:00:42:421]: Executing op: ActionStart(Name=RollbackUpdateSavAdapterDll,,)
    MSI (s) (BC:88) [16:00:42:421]: Executing op: CustomActionSchedule(Action=RollbackUpdateSavAdapterDll,ActionType=1281,Source=BinaryData,Target=RollbackUpdateSavAdapterDll,CustomActionData=C:\Program Files\Sophos\Sophos Anti-Virus\)
    MSI (s) (BC:88) [16:00:42:421]: Executing op: ActionStart(Name=UpdateSavAdapterDll,,)
    MSI (s) (BC:88) [16:00:42:421]: Executing op: CustomActionSchedule(Action=UpdateSavAdapterDll,ActionType=1025,Source=BinaryData,Target=UpdateSavAdapterDll,)
    MSI (s) (BC:10) [16:00:42:453]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI2CF.tmp, Entrypoint: UpdateSavAdapterDll
    MSI (s) (BC:88) [16:00:52:484]: Executing op: ActionStart(Name=CopyOtherFiles,,)
    MSI (s) (BC:88) [16:00:52:484]: Executing op: CustomActionSchedule(Action=CopyOtherFiles,ActionType=1025,Source=BinaryData,Target=CopyOtherFiles,CustomActionData="C:\Program Files\Sophos\Sophos Anti-Virus\""C:\Program Files\Sophos\AutoUpdate\cache\savxp\""XP")
    MSI (s) (BC:EC) [16:00:52:500]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI2D0.tmp, Entrypoint: CopyOtherFiles
    MSI (s) (BC:88) [16:00:52:546]: Executing op: ActionStart(Name=RegisterBufferOverflowProtection,,)
    MSI (s) (BC:88) [16:00:52:546]: Executing op: CustomActionSchedule(Action=RegisterBufferOverflowProtection,ActionType=1025,Source=BinaryData,Target=RegisterBufferOverflowProtection,CustomActionData=C:\Program Files\Sophos\Sophos Anti-Virus\)
    MSI (s) (BC:D8) [16:00:52:562]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI2D1.tmp, Entrypoint: RegisterBufferOverflowProtection
    MSI (s) (BC:88) [16:00:52:625]: Executing op: ActionStart(Name=InstallDriverFilesXP,,)
    MSI (s) (BC:88) [16:00:52:625]: Executing op: CustomActionSchedule(Action=InstallDriverFilesXP,ActionType=1058,Source=C:\WINDOWS\system32\,Target=RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection DefaultInstall 132 C:\Program Files\Sophos\AutoUpdate\cache\savxp\WinXP_i386\SAVONACCESSDRIV.INF,)
    MSI (s) (BC:88) [16:00:53:562]: Executing op: ActionStart(Name=InstallBootDriverXP,,)
    MSI (s) (BC:88) [16:00:53:562]: Executing op: CustomActionSchedule(Action=InstallBootDriverXP,ActionType=1058,Source=C:\WINDOWS\system32\,Target=RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection DefaultInstall 132 C:\Program Files\Sophos\AutoUpdate\cache\savxp\WinXP_i386\SOPHOSBOOTDRIVER.INF,)
    MSI (s) (BC:88) [16:00:54:296]: Executing op: ActionStart(Name=InstallClassFilter,,)
    MSI (s) (BC:88) [16:00:54:296]: Executing op: CustomActionSchedule(Action=InstallClassFilter,ActionType=1058,Source=C:\WINDOWS\system32\,Target=RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection DefaultInstall 132 C:\Program Files\Sophos\AutoUpdate\cache\savxp\ClassFilterDrivers\i386\SDCFILTER.INF,)
    MSI (s) (BC:88) [16:00:55:046]: Executing op: ActionStart(Name=StartDriverServices,,)
    MSI (s) (BC:88) [16:00:55:046]: Executing op: CustomActionSchedule(Action=StartDriverServices,ActionType=1025,Source=BinaryData,Target=StartDriverServices,CustomActionData=XP)
    MSI (s) (BC:10) [16:00:55:046]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI2DA.tmp, Entrypoint: StartDriverServices
    MSI (s) (BC:88) [16:00:55:078]: Executing op: ActionStart(Name=InstallFiles,Description=Copying new files,Template=File: [1],  Directory: [9],  Size: [6])
    MSI (s) (BC:88) [16:00:55:078]: Executing op: InstallProtectedFiles(AllowUI=0)
    MSI (s) (BC:88) [16:00:55:078]: Executing op: ActionStart(Name=CreateUserGroups,,)
    MSI (s) (BC:88) [16:00:55:078]: Executing op: CustomActionSchedule(Action=CreateUserGroups,ActionType=1025,Source=BinaryData,Target=CreateUserGroups,CustomActionData=C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\Config)
    MSI (s) (BC:44) [16:00:55:093]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI2DB.tmp, Entrypoint: CreateUserGroups
    MSI (s) (BC:88) [16:00:55:312]: Executing op: ActionStart(Name=AddDomainGroups,,)
    MSI (s) (BC:88) [16:00:55:312]: Executing op: CustomActionSchedule(Action=AddDomainGroups,ActionType=1025,Source=BinaryData,Target=AddDomainGroups,)
    MSI (s) (BC:BC) [16:00:55:328]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI2DC.tmp, Entrypoint: AddDomainGroups
    MSI (s) (BC:88) [16:00:55:359]: Executing op: ActionStart(Name=SwiConfig_upgrade.11DACB83_28A7_4FA6_AF5B_C006E340C101,,)
    MSI (s) (BC:88) [16:00:55:359]: Executing op: CustomActionSchedule(Action=SwiConfig_upgrade.11DACB83_28A7_4FA6_AF5B_C006E340C101,ActionType=1058,Source=C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\,Target="C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_config.exe" /update,)
    MSI (s) (BC:88) [16:01:10:390]: Executing op: ActionStart(Name=UpdateSAVI,,)
    MSI (s) (BC:88) [16:01:10:390]: Executing op: CustomActionSchedule(Action=UpdateSAVI,ActionType=1025,Source=BinaryData,Target=UpdateSAVI,CustomActionData="C:\Program Files\Sophos\Sophos Anti-Virus\""C:\Program Files\Sophos\AutoUpdate\cache\savxp\")
    MSI (s) (BC:5C) [16:01:10:421]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI2DD.tmp, Entrypoint: UpdateSAVI
    MSI (s) (BC:88) [16:01:12:968]: Executing op: ActionStart(Name=SetFolderPermissions,,)
    MSI (s) (BC:88) [16:01:12:968]: Executing op: CustomActionSchedule(Action=SetFolderPermissions,ActionType=1025,Source=BinaryData,Target=SetFolderPermissions,CustomActionData=C:\Program Files\Sophos\Sophos Anti-Virus\)
    MSI (s) (BC:D0) [16:01:12:984]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI2DE.tmp, Entrypoint: SetFolderPermissions
    MSI (s) (BC:88) [16:01:14:312]: Executing op: ActionStart(Name=SetServiceXP,,)
    MSI (s) (BC:88) [16:01:14:312]: Executing op: CustomActionSchedule(Action=SetServiceXP,ActionType=1025,Source=BinaryData,Target=SetServiceXP,)
    MSI (s) (BC:78) [16:01:14:328]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI2DF.tmp, Entrypoint: SetServiceXP
    MSI (s) (BC:88) [16:01:14:406]: User policy value 'DisableRollback' is 0
    MSI (s) (BC:88) [16:01:14:406]: Machine policy value 'DisableRollback' is 0
    Action ended 16:01:14: InstallFinalize. Return value 3.

    and Custom

    2011-02-21 15:59:51 Starting competitor detection...
    2011-02-21 15:59:53 Boot driver: disabled
    2011-02-21 15:59:54 Setting class filter present property to: 1
    2011-02-21 15:59:54 PROCESSOR_ARCHITECTURE environment variable is: x86
    2011-02-21 16:00:12 WaitForSAVService: Walking system processes...
    2011-02-21 16:00:12 WaitForSAVService: Found process named SAVService.exe, waiting...
    2011-02-21 16:00:15 WaitForSAVService: Found process named SAVService.exe, waiting...
    2011-02-21 16:00:18 WaitForSAVService: Found process named SAVService.exe, waiting...
    2011-02-21 16:00:21 WaitForSAVService: Found process named SAVService.exe, waiting...
    2011-02-21 16:00:24 WaitForSAVService: Found process named SAVService.exe, waiting...
    2011-02-21 16:00:27 WaitForSAVService: Found process named SAVService.exe, waiting...
    2011-02-21 16:00:30 WaitForSAVService: Found process named SAVService.exe, waiting...
    2011-02-21 16:00:33 WaitForSAVService: Found process named SAVService.exe, waiting...
    2011-02-21 16:00:36 WaitForSAVService: Found process named SAVService.exe, waiting...
    2011-02-21 16:00:39 WaitForSAVService: Found process named SAVService.exe, waiting...
    2011-02-21 16:00:42 WaitForSAVService: Finished walking system processes.
    2011-02-21 16:00:42 IsServiceInstalled: Unable to get a handle to requested service SAVOnAccess control. Returning false.
    2011-02-21 16:00:42 IsServiceInstalled: Unable to get a handle to requested service SAVOnAccess filter. Returning false.
    2011-02-21 16:00:52 CopyOtherFiles custom action - Copying other driver files
    2011-02-21 16:00:52 Copying class filter source: C:\Program Files\Sophos\AutoUpdate\cache\savxp\classfilterdrivers\i386\SDCFILTER.INF, target: C:\Program Files\Sophos\Sophos Anti-Virus\
    2011-02-21 16:00:52 GetRidOfExistingDetoured - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll detoured exists, proceeding to rename it & mark for delete.
    2011-02-21 16:00:52 PROCESSOR_ARCHITECTURE environment variable is: x86
    2011-02-21 16:00:52 BopsUnregister: could not get short path to DLL. It will not be unregistered.
    2011-02-21 16:00:52 GetRidOfExistingDetoured - C:\Program Files\Sophos\Sophos Anti-Virus\detoured.dll does not exist, no further action.
    2011-02-21 16:00:52 BOPS path already exists
    2011-02-21 16:00:52 PROCESSOR_ARCHITECTURE environment variable is: x86
    2011-02-21 16:00:55 IsServiceRunning: Unable to get a handle to requested service SAVOnAccess control. Returning false.
    2011-02-21 16:00:55 Local name of well-known group Administrators is
    2011-02-21 16:00:55 Administrators
    2011-02-21 16:00:55 Local name of well-known group PowerUsers is
    2011-02-21 16:00:55 Power Users
    2011-02-21 16:00:55 Local name of well-known group Users is
    2011-02-21 16:00:55 Users
    2011-02-21 16:00:55 SophosUser already exists - skipped adding members
    2011-02-21 16:00:55 SophosPowerUser already exists - skipped adding members
    2011-02-21 16:00:55 SophosAdministrator already exists - skipped adding members
    2011-02-21 16:00:55 LocalSystem already member of the SophosAdministrator group
    2011-02-21 16:00:55 No need to restart Sophos Agent service
    2011-02-21 16:00:55 Successfully added/created all groups - function is now returning
    2011-02-21 16:01:10 About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate
    2011-02-21 16:01:10 Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate
    2011-02-21 16:01:10 UpdateRequest signalled
    2011-02-21 16:01:10 About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended
    2011-02-21 16:01:10 Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended
    2011-02-21 16:01:12 SAVI dll was installed successfully
    2011-02-21 16:01:14 We are running on XP or higher - adding LocalService to permissions on config files
    2011-02-21 16:01:14 We are running on XP or higher - adding LocalService to permissions on config files
    2011-02-21 16:01:14 Unable to add set access permissions on the Device Control Log directory
    2011-02-21 16:01:14 Unable to add set access permissions on the Data Control Log directory
    2011-02-21 16:01:14 Unable to get a handle to the Sophos Anti-Virus Service, error returned: 5

    regards

    Degs

    :9361
Reply
  • 0

    Hi Jak

    Logs as requested.

    MSI

    MSI (s) (BC:88) [15:59:55:015]: Executing op: ProductInfo(ProductKey={9ACB414D-9347-40B6-A453-5EFB2DB59DFA},ProductName=Sophos Anti-Virus,PackageName=Sophos Anti-Virus.msi,Language=1033,Version=151322629,Assignment=1,ObsoleteArg=0,ProductIcon=ARPPRODUCTICON.exe,,PackageCode={2DC4E77B-EA6D-433D-917D-8EAE06446005},,,InstanceType=0,LUASetting=0,RemoteURTInstalls=0)
    MSI (s) (BC:88) [15:59:55:015]: Executing op: DialogInfo(Type=0,Argument=1033)
    MSI (s) (BC:88) [15:59:55:015]: Executing op: DialogInfo(Type=1,Argument=Sophos Anti-Virus)
    MSI (s) (BC:88) [15:59:55:015]: Executing op: RollbackInfo(,RollbackAction=Rollback,RollbackDescription=Rolling back action:,RollbackTemplate=[1],CleanupAction=RollbackCleanup,CleanupDescription=Removing backup files,CleanupTemplate=File: [1])
    MSI (s) (BC:88) [15:59:55:015]: Executing op: SetBaseline(Baseline=0,)
    MSI (s) (BC:88) [15:59:55:015]: Executing op: SetBaseline(Baseline=1,)
    MSI (s) (BC:88) [15:59:55:015]: Executing op: ActionStart(Name=SetUpdateFailed,,)
    MSI (s) (BC:88) [15:59:55:015]: Executing op: CustomActionSchedule(Action=SetUpdateFailed,ActionType=1281,Source=BinaryData,Target=SetUpdateFailed,)
    MSI (s) (BC:88) [15:59:55:015]: Executing op: ActionStart(Name=RestoreMovedFiles,,)
    MSI (s) (BC:88) [15:59:55:015]: Executing op: CustomActionSchedule(Action=RestoreMovedFiles,ActionType=1281,Source=BinaryData,Target=RestoreMovedFiles,CustomActionData=C:\Program Files\Sophos\Sophos Anti-Virus\)
    MSI (s) (BC:88) [15:59:55:031]: Executing op: ActionStart(Name=CheckRegForNullDACLs,,)
    MSI (s) (BC:88) [15:59:55:031]: Executing op: CustomActionSchedule(Action=CheckRegForNullDACLs,ActionType=1025,Source=BinaryData,Target=CheckRegForNullDACLs,)
    MSI (s) (BC:CC) [15:59:55:031]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI2C6.tmp, Entrypoint: CheckRegForNullDACLs
    MSI (s) (BC:88) [15:59:55:359]: Executing op: ActionStart(Name=RunErrorScript,,)
    MSI (s) (BC:88) [15:59:55:359]: Executing op: CustomActionSchedule(Action=RunErrorScript,ActionType=1345,Source=BinaryData,Target=RunErrorScripts,CustomActionData="C:\Program Files\Sophos\Sophos Anti-Virus\""C:\Program Files\Sophos\AutoUpdate\cache\savxp\""9.5.5")
    MSI (s) (BC:88) [15:59:55:375]: Executing op: ActionStart(Name=SetUpdateBegin,,)
    MSI (s) (BC:88) [15:59:55:375]: Executing op: CustomActionSchedule(Action=SetUpdateBegin,ActionType=1025,Source=BinaryData,Target=SetUpdateBegin,)
    MSI (s) (BC:C8) [15:59:55:390]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI2C7.tmp, Entrypoint: SetUpdateBegin
    MSI (s) (BC:88) [15:59:56:515]: Executing op: ActionStart(Name=CloseSavMainWindow,,)
    MSI (s) (BC:88) [15:59:56:515]: Executing op: CustomActionSchedule(Action=CloseSavMainWindow,ActionType=1025,Source=BinaryData,Target=CloseSavMainWindow,)
    MSI (s) (BC:5C) [15:59:56:531]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI2C8.tmp, Entrypoint: CloseSavMainWindow
    MSI (s) (BC:88) [15:59:57:015]: Executing op: ActionStart(Name=SwiService_dereg.11DACB83_28A7_4FA6_AF5B_C006E340C101,,)
    MSI (s) (BC:88) [15:59:57:015]: Executing op: CustomActionSchedule(Action=SwiService_dereg.11DACB83_28A7_4FA6_AF5B_C006E340C101,ActionType=1058,Source=C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\,Target="C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe" /unregisterService,)
    MSI (s) (BC:88) [16:00:12:046]: Executing op: ActionStart(Name=WaitForSAVService,,)
    MSI (s) (BC:88) [16:00:12:046]: Executing op: CustomActionSchedule(Action=WaitForSAVService,ActionType=1025,Source=BinaryData,Target=WaitForSAVService,)
    MSI (s) (BC:40) [16:00:12:062]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI2C9.tmp, Entrypoint: WaitForSAVService
    MSI (s) (BC:88) [16:00:42:109]: Executing op: ActionStart(Name=RemoveODBC,Description=Removing ODBC components,)
    MSI (s) (BC:88) [16:00:42:109]: Executing op: ODBCDriverManager(,BinaryType=0)
    MSI (s) (BC:88) [16:00:42:109]: Executing op: ODBCDriverManager(,BinaryType=1)
    MSI (s) (BC:88) [16:00:42:109]: Executing op: ActionStart(Name=CheckUninstallDrivers,,)
    MSI (s) (BC:88) [16:00:42:109]: Executing op: CustomActionSchedule(Action=CheckUninstallDrivers,ActionType=1025,Source=BinaryData,Target=CheckUninstallDrivers,)
    MSI (s) (BC:70) [16:00:42:125]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI2CA.tmp, Entrypoint: CheckUninstallDrivers
    MSI (s) (BC:88) [16:00:42:156]: Executing op: ActionStart(Name=DeleteIDEs,,)
    MSI (s) (BC:88) [16:00:42:156]: Executing op: CustomActionSchedule(Action=DeleteIDEs,ActionType=1025,Source=BinaryData,Target=DeleteIDEs,CustomActionData=C:\Program Files\Sophos\Sophos Anti-Virus\)
    MSI (s) (BC:A8) [16:00:42:171]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI2CB.tmp, Entrypoint: DeleteIDEs
    MSI (s) (BC:88) [16:00:42:265]: Executing op: ActionStart(Name=DeleteBDLs,,)
    MSI (s) (BC:88) [16:00:42:265]: Executing op: CustomActionSchedule(Action=DeleteBDLs,ActionType=1025,Source=BinaryData,Target=DeleteBDLs,CustomActionData=C:\Program Files\Sophos\Sophos Anti-Virus\)
    MSI (s) (BC:FC) [16:00:42:281]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI2CC.tmp, Entrypoint: DeleteBDLs
    MSI (s) (BC:88) [16:00:42:312]: Executing op: ActionStart(Name=DeleteHIPSConfig,,)
    MSI (s) (BC:88) [16:00:42:312]: Executing op: CustomActionSchedule(Action=DeleteHIPSConfig,ActionType=1025,Source=BinaryData,Target=DeleteHIPSConfig,CustomActionData=C:\Program Files\Sophos\Sophos Anti-Virus\)
    MSI (s) (BC:8C) [16:00:42:343]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI2CD.tmp, Entrypoint: DeleteHIPSConfig
    MSI (s) (BC:88) [16:00:42:375]: Executing op: ActionStart(Name=RemoveFilesOnUpgrade,,)
    MSI (s) (BC:88) [16:00:42:375]: Executing op: CustomActionSchedule(Action=RemoveFilesOnUpgrade,ActionType=1025,Source=BinaryData,Target=RemoveFilesOnUpgrade,CustomActionData=C:\Program Files\Sophos\Sophos Anti-Virus\)
    MSI (s) (BC:50) [16:00:42:390]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI2CE.tmp, Entrypoint: RemoveFilesOnUpgrade
    MSI (s) (BC:88) [16:00:42:421]: Executing op: ActionStart(Name=RollbackUpdateSavAdapterDll,,)
    MSI (s) (BC:88) [16:00:42:421]: Executing op: CustomActionSchedule(Action=RollbackUpdateSavAdapterDll,ActionType=1281,Source=BinaryData,Target=RollbackUpdateSavAdapterDll,CustomActionData=C:\Program Files\Sophos\Sophos Anti-Virus\)
    MSI (s) (BC:88) [16:00:42:421]: Executing op: ActionStart(Name=UpdateSavAdapterDll,,)
    MSI (s) (BC:88) [16:00:42:421]: Executing op: CustomActionSchedule(Action=UpdateSavAdapterDll,ActionType=1025,Source=BinaryData,Target=UpdateSavAdapterDll,)
    MSI (s) (BC:10) [16:00:42:453]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI2CF.tmp, Entrypoint: UpdateSavAdapterDll
    MSI (s) (BC:88) [16:00:52:484]: Executing op: ActionStart(Name=CopyOtherFiles,,)
    MSI (s) (BC:88) [16:00:52:484]: Executing op: CustomActionSchedule(Action=CopyOtherFiles,ActionType=1025,Source=BinaryData,Target=CopyOtherFiles,CustomActionData="C:\Program Files\Sophos\Sophos Anti-Virus\""C:\Program Files\Sophos\AutoUpdate\cache\savxp\""XP")
    MSI (s) (BC:EC) [16:00:52:500]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI2D0.tmp, Entrypoint: CopyOtherFiles
    MSI (s) (BC:88) [16:00:52:546]: Executing op: ActionStart(Name=RegisterBufferOverflowProtection,,)
    MSI (s) (BC:88) [16:00:52:546]: Executing op: CustomActionSchedule(Action=RegisterBufferOverflowProtection,ActionType=1025,Source=BinaryData,Target=RegisterBufferOverflowProtection,CustomActionData=C:\Program Files\Sophos\Sophos Anti-Virus\)
    MSI (s) (BC:D8) [16:00:52:562]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI2D1.tmp, Entrypoint: RegisterBufferOverflowProtection
    MSI (s) (BC:88) [16:00:52:625]: Executing op: ActionStart(Name=InstallDriverFilesXP,,)
    MSI (s) (BC:88) [16:00:52:625]: Executing op: CustomActionSchedule(Action=InstallDriverFilesXP,ActionType=1058,Source=C:\WINDOWS\system32\,Target=RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection DefaultInstall 132 C:\Program Files\Sophos\AutoUpdate\cache\savxp\WinXP_i386\SAVONACCESSDRIV.INF,)
    MSI (s) (BC:88) [16:00:53:562]: Executing op: ActionStart(Name=InstallBootDriverXP,,)
    MSI (s) (BC:88) [16:00:53:562]: Executing op: CustomActionSchedule(Action=InstallBootDriverXP,ActionType=1058,Source=C:\WINDOWS\system32\,Target=RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection DefaultInstall 132 C:\Program Files\Sophos\AutoUpdate\cache\savxp\WinXP_i386\SOPHOSBOOTDRIVER.INF,)
    MSI (s) (BC:88) [16:00:54:296]: Executing op: ActionStart(Name=InstallClassFilter,,)
    MSI (s) (BC:88) [16:00:54:296]: Executing op: CustomActionSchedule(Action=InstallClassFilter,ActionType=1058,Source=C:\WINDOWS\system32\,Target=RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection DefaultInstall 132 C:\Program Files\Sophos\AutoUpdate\cache\savxp\ClassFilterDrivers\i386\SDCFILTER.INF,)
    MSI (s) (BC:88) [16:00:55:046]: Executing op: ActionStart(Name=StartDriverServices,,)
    MSI (s) (BC:88) [16:00:55:046]: Executing op: CustomActionSchedule(Action=StartDriverServices,ActionType=1025,Source=BinaryData,Target=StartDriverServices,CustomActionData=XP)
    MSI (s) (BC:10) [16:00:55:046]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI2DA.tmp, Entrypoint: StartDriverServices
    MSI (s) (BC:88) [16:00:55:078]: Executing op: ActionStart(Name=InstallFiles,Description=Copying new files,Template=File: [1],  Directory: [9],  Size: [6])
    MSI (s) (BC:88) [16:00:55:078]: Executing op: InstallProtectedFiles(AllowUI=0)
    MSI (s) (BC:88) [16:00:55:078]: Executing op: ActionStart(Name=CreateUserGroups,,)
    MSI (s) (BC:88) [16:00:55:078]: Executing op: CustomActionSchedule(Action=CreateUserGroups,ActionType=1025,Source=BinaryData,Target=CreateUserGroups,CustomActionData=C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\Config)
    MSI (s) (BC:44) [16:00:55:093]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI2DB.tmp, Entrypoint: CreateUserGroups
    MSI (s) (BC:88) [16:00:55:312]: Executing op: ActionStart(Name=AddDomainGroups,,)
    MSI (s) (BC:88) [16:00:55:312]: Executing op: CustomActionSchedule(Action=AddDomainGroups,ActionType=1025,Source=BinaryData,Target=AddDomainGroups,)
    MSI (s) (BC:BC) [16:00:55:328]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI2DC.tmp, Entrypoint: AddDomainGroups
    MSI (s) (BC:88) [16:00:55:359]: Executing op: ActionStart(Name=SwiConfig_upgrade.11DACB83_28A7_4FA6_AF5B_C006E340C101,,)
    MSI (s) (BC:88) [16:00:55:359]: Executing op: CustomActionSchedule(Action=SwiConfig_upgrade.11DACB83_28A7_4FA6_AF5B_C006E340C101,ActionType=1058,Source=C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\,Target="C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_config.exe" /update,)
    MSI (s) (BC:88) [16:01:10:390]: Executing op: ActionStart(Name=UpdateSAVI,,)
    MSI (s) (BC:88) [16:01:10:390]: Executing op: CustomActionSchedule(Action=UpdateSAVI,ActionType=1025,Source=BinaryData,Target=UpdateSAVI,CustomActionData="C:\Program Files\Sophos\Sophos Anti-Virus\""C:\Program Files\Sophos\AutoUpdate\cache\savxp\")
    MSI (s) (BC:5C) [16:01:10:421]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI2DD.tmp, Entrypoint: UpdateSAVI
    MSI (s) (BC:88) [16:01:12:968]: Executing op: ActionStart(Name=SetFolderPermissions,,)
    MSI (s) (BC:88) [16:01:12:968]: Executing op: CustomActionSchedule(Action=SetFolderPermissions,ActionType=1025,Source=BinaryData,Target=SetFolderPermissions,CustomActionData=C:\Program Files\Sophos\Sophos Anti-Virus\)
    MSI (s) (BC:D0) [16:01:12:984]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI2DE.tmp, Entrypoint: SetFolderPermissions
    MSI (s) (BC:88) [16:01:14:312]: Executing op: ActionStart(Name=SetServiceXP,,)
    MSI (s) (BC:88) [16:01:14:312]: Executing op: CustomActionSchedule(Action=SetServiceXP,ActionType=1025,Source=BinaryData,Target=SetServiceXP,)
    MSI (s) (BC:78) [16:01:14:328]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI2DF.tmp, Entrypoint: SetServiceXP
    MSI (s) (BC:88) [16:01:14:406]: User policy value 'DisableRollback' is 0
    MSI (s) (BC:88) [16:01:14:406]: Machine policy value 'DisableRollback' is 0
    Action ended 16:01:14: InstallFinalize. Return value 3.

    and Custom

    2011-02-21 15:59:51 Starting competitor detection...
    2011-02-21 15:59:53 Boot driver: disabled
    2011-02-21 15:59:54 Setting class filter present property to: 1
    2011-02-21 15:59:54 PROCESSOR_ARCHITECTURE environment variable is: x86
    2011-02-21 16:00:12 WaitForSAVService: Walking system processes...
    2011-02-21 16:00:12 WaitForSAVService: Found process named SAVService.exe, waiting...
    2011-02-21 16:00:15 WaitForSAVService: Found process named SAVService.exe, waiting...
    2011-02-21 16:00:18 WaitForSAVService: Found process named SAVService.exe, waiting...
    2011-02-21 16:00:21 WaitForSAVService: Found process named SAVService.exe, waiting...
    2011-02-21 16:00:24 WaitForSAVService: Found process named SAVService.exe, waiting...
    2011-02-21 16:00:27 WaitForSAVService: Found process named SAVService.exe, waiting...
    2011-02-21 16:00:30 WaitForSAVService: Found process named SAVService.exe, waiting...
    2011-02-21 16:00:33 WaitForSAVService: Found process named SAVService.exe, waiting...
    2011-02-21 16:00:36 WaitForSAVService: Found process named SAVService.exe, waiting...
    2011-02-21 16:00:39 WaitForSAVService: Found process named SAVService.exe, waiting...
    2011-02-21 16:00:42 WaitForSAVService: Finished walking system processes.
    2011-02-21 16:00:42 IsServiceInstalled: Unable to get a handle to requested service SAVOnAccess control. Returning false.
    2011-02-21 16:00:42 IsServiceInstalled: Unable to get a handle to requested service SAVOnAccess filter. Returning false.
    2011-02-21 16:00:52 CopyOtherFiles custom action - Copying other driver files
    2011-02-21 16:00:52 Copying class filter source: C:\Program Files\Sophos\AutoUpdate\cache\savxp\classfilterdrivers\i386\SDCFILTER.INF, target: C:\Program Files\Sophos\Sophos Anti-Virus\
    2011-02-21 16:00:52 GetRidOfExistingDetoured - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll detoured exists, proceeding to rename it & mark for delete.
    2011-02-21 16:00:52 PROCESSOR_ARCHITECTURE environment variable is: x86
    2011-02-21 16:00:52 BopsUnregister: could not get short path to DLL. It will not be unregistered.
    2011-02-21 16:00:52 GetRidOfExistingDetoured - C:\Program Files\Sophos\Sophos Anti-Virus\detoured.dll does not exist, no further action.
    2011-02-21 16:00:52 BOPS path already exists
    2011-02-21 16:00:52 PROCESSOR_ARCHITECTURE environment variable is: x86
    2011-02-21 16:00:55 IsServiceRunning: Unable to get a handle to requested service SAVOnAccess control. Returning false.
    2011-02-21 16:00:55 Local name of well-known group Administrators is
    2011-02-21 16:00:55 Administrators
    2011-02-21 16:00:55 Local name of well-known group PowerUsers is
    2011-02-21 16:00:55 Power Users
    2011-02-21 16:00:55 Local name of well-known group Users is
    2011-02-21 16:00:55 Users
    2011-02-21 16:00:55 SophosUser already exists - skipped adding members
    2011-02-21 16:00:55 SophosPowerUser already exists - skipped adding members
    2011-02-21 16:00:55 SophosAdministrator already exists - skipped adding members
    2011-02-21 16:00:55 LocalSystem already member of the SophosAdministrator group
    2011-02-21 16:00:55 No need to restart Sophos Agent service
    2011-02-21 16:00:55 Successfully added/created all groups - function is now returning
    2011-02-21 16:01:10 About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate
    2011-02-21 16:01:10 Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate
    2011-02-21 16:01:10 UpdateRequest signalled
    2011-02-21 16:01:10 About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended
    2011-02-21 16:01:10 Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended
    2011-02-21 16:01:12 SAVI dll was installed successfully
    2011-02-21 16:01:14 We are running on XP or higher - adding LocalService to permissions on config files
    2011-02-21 16:01:14 We are running on XP or higher - adding LocalService to permissions on config files
    2011-02-21 16:01:14 Unable to add set access permissions on the Device Control Log directory
    2011-02-21 16:01:14 Unable to add set access permissions on the Data Control Log directory
    2011-02-21 16:01:14 Unable to get a handle to the Sophos Anti-Virus Service, error returned: 5

    regards

    Degs

    :9361
Children
No Data
Unfiltered HTML