Update - Failed to install SAVXP: A previous version could not...

Hi...

I'm receiving the following in SEC "00000067 Failed to install SAVXP. A previous version could not be uninstalled"

and in the Sophos Antivirus uninstall log

CustomAction UninstallDriverFiles64Vista returned actual error code -1079 (note this may not be 100% accurate if translation happened inside sandbox)
MSI (s) (38:30) [10:10:19:389]: Product: Sophos Anti-Virus -- Error 1722.There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action UninstallDriverFiles64Vista, location: C:\Windows\SysWOW64\, command: "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\NATIVE.EXE" /lhu "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVONACCESSDRIV.INF"

I read a post recommending copying NATIVE.EXE from the CIDS directory because it was not there, however I receive the same results.

Any insight would be much appreciated!



  • Does the log file: setupapi.app.log under \windows\inf\ add any more info if you can align the two logs by time?  Anything of interest in the Event logs?

    Regards,

    Jak

  • Hi Jak,

    I don't see anything suspect in the setupapi.app.log.  And as far as the eventlog goes I see a steady stream of the following attempts and failures.

    Beginning a Windows Installer transaction

    Product: Sophos Anti-Virus -- Error 1722.There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor.  Action UninstallDriverFiles64Vista, location: C:\Windows\SysWOW64\, command: "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\NATIVE.EXE" /lhu "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVONACCESSDRIV.INF" 

    Product: Sophos Anti-Virus -- Removal failed.

    Windows Installer removed the product. Product Name: Sophos Anti-Virus. Product Version: 10.3.15. Product Language: 1033. Manufacturer: Sophos Limited. Removal success or error status: 1603.

    Ending a Windows Installer transaction:

    Thanks!

  • I have this problem as well. Win 7 Ent 64bit. This machine's OS was reinstalled a year ago and it had the same problem then.

    00000067  Failed to install SAVXP: A previous version could not be uninstalled

    After reinstalling two different ways, from the console and from the EXE, the Sophos Endpoint Security and Control will no longer open. It will update but says downloading five then installing one of one and that fails (disappears) after a minute.

  • Hello BillFolger,

    reinstalling doesn't help as you see. Part of the reinstall is an uninstall of an existing downlevel version - an attempt to reinstall with the currently installed version might succeed, an "upgrade reinstall" will fail the same way as the original upgrade attempt (and, BTW, using Protect from the console is essentially running setup.exe from the CID).

    There should be a recent Sophos Anti-Virus Major Install Log_yymmdd_hhmmss.txt in %windir%\TEMP, not far from the top there should be a line
    Info: Running Uninstall of previous version using command line: msiexec.exe /x ....
    likely followed by a message that the uninstall failed. If so, please search the  Sophos Anti-Virus Uninstall log.txt  for Return value 3, the preceding lines should have some important information, the failure could have been in a remote custom action so you should check the Sophos Anti-Virus Major CustomActions Log_yymmdd_hhmmss.txt as well. If you're not sure what to do next please post the relevant lines here.

    Christian
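Added example, not part of the original thread and not Sophos code: a small Python triage script for the search described above, which finds each `Return value 3` line in an MSI verbose log and reports the nearest preceding Error 1721/1722 with its custom action and command. The sample log is constructed and abridged from the MSI log format, and the function names are hypothetical.

```python
import re

# Constructed sample, abridged and modelled on MSI verbose-log lines (not a real capture).
SAMPLE_LOG = r'''MSI (s) (10:40) [09:42:28:114]: Executing op: ActionStart(Name=UninstallDriverFiles64Vista,,)
MSI (s) (10:40) [09:42:28:115]: Product: Sophos Anti-Virus -- Error 1721.There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Action: UninstallDriverFiles64Vista, location: C:\Windows\SysWOW64\, command: "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\NATIVE.EXE" /lhu "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVONACCESSDRIV.INF"
MSI (s) (10:40) [09:42:28:119]: Machine policy value 'DisableRollback' is 0
Action ended 9:42:28: InstallFinalize. Return value 3.
'''

RETURN3 = re.compile(r"^Action ended [\d:]+: (?P<action>\S+)\. Return value 3\.")
# Matches both wordings seen in MSI logs: "Action: <name>," and "Action <name>,".
ERROR = re.compile(r"-- Error (?P<code>\d+)\..*?Action:? (?P<ca>\w+), "
                   r"location: .*?, command: (?P<cmd>.*)$")
MEANING = {1721: "custom action program could not be run",
           1722: "custom action program did not finish as expected"}

def read_log(path):
    """msiexec logs are often UTF-16 with a BOM; fall back to UTF-8 otherwise."""
    with open(path, "rb") as fh:
        raw = fh.read()
    enc = "utf-16" if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else "utf-8"
    return raw.decode(enc, errors="replace")

def find_failures(log_text, context=200):
    """One entry per 'Return value 3' line, with the closest preceding MSI error."""
    lines = log_text.splitlines()
    failures = []
    for i, line in enumerate(lines):
        end = RETURN3.match(line.strip())
        if not end:
            continue
        entry = {"line": i + 1, "failed_action": end["action"], "error": None}
        # The cause is logged before the failing action ends, so walk backwards.
        for prev in reversed(lines[max(0, i - context):i]):
            err = ERROR.search(prev)
            if err:
                code, cmd = int(err["code"]), err["cmd"].strip()
                prog = re.match(r'"([^"]+)"', cmd)
                entry["error"] = {"code": code, "meaning": MEANING.get(code, "see MSI docs"),
                                  "custom_action": err["ca"], "command": cmd,
                                  "program": prog.group(1) if prog else None}
                break
        failures.append(entry)
    return failures

if __name__ == "__main__":
    for failure in find_failures(SAMPLE_LOG):
        print(failure)
```

On a real endpoint, pass `read_log(path)` for the uninstall log to `find_failures` and check whether the reported `program` path exists on disk.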

  • 2016-06-23 09:32:17 Info: Logging started: installing/upgrading Sophos Anti-Virus
    2016-06-23 09:32:17 Info: InstallFromPath is: C:\ProgramData\Sophos\AutoUpdate\cache\savxp\
    2016-06-23 09:32:17 Info: InstallToPath is:
    2016-06-23 09:32:17 Info: Detected version of SAV has major version number: 10
    2016-06-23 09:32:17 Info: Detected version of SAV has minor version number: 3
    2016-06-23 09:32:17 Info: registryInstallTo [overriding InstallToPath] is: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\
    2016-06-23 09:32:17 Checking for problem versions of SAVI - Install path:C:\Program Files (x86)\Sophos\Sophos Anti-Virus\
    2016-06-23 09:32:17 Veex.dll version ''
    2016-06-23 09:32:17 INFO: Checking the validity of the VDL manifest file.
    2016-06-23 09:32:18 INFO: The manifest file has been successfully validated.
    2016-06-23 09:32:18 INFO: Checking the validity of the AppFeed manifest file.
    2016-06-23 09:32:18 INFO: The manifest file has been successfully validated.
    2016-06-23 09:32:18 Info: Error parsing catalogue file - doing a full update
    2016-06-23 09:32:18 PROCESSOR_ARCHITECTURE environment variable is: AMD64
    2016-06-23 09:32:18 Failed to load driver information from INF files
    2016-06-23 09:32:18 Failed to load driver information from INF files
    2016-06-23 09:32:18 Failed to load driver information from INF files
    2016-06-23 09:32:18 Info: Managed install (from SAU)
    2016-06-23 09:32:18 Unable to QI IProductConfig
    2016-06-23 09:32:18 Info: ProductType value not found
    2016-06-23 09:32:18 Checking the integrity of the extant SAV installation
    2016-06-23 09:32:18 The file C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\WSCClient.exe does not exist(2)
    2016-06-23 09:32:18 The file C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\SavService.exe does not exist(2)
    2016-06-23 09:32:18 The file C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\SavAdminService.exe does not exist(2)
    2016-06-23 09:32:18 The file C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\BackgroundScanClient.exe does not exist(2)
    2016-06-23 09:32:18 The file C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\ComponentManager.dll does not exist(2)
    2016-06-23 09:32:18 The file C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\ICAdapter.dll does not exist(2)
    2016-06-23 09:32:18 The file C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\ICManagement.dll does not exist(2)
    2016-06-23 09:32:18 The file C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\ICProcessors.dll does not exist(2)
    2016-06-23 09:32:18 The file C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\ThreatDetection.dll does not exist(2)
    2016-06-23 09:32:18 The file C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\VirusDetection.dll does not exist(2)
    2016-06-23 09:32:18 The file C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\SavControl.dll does not exist(2)
    2016-06-23 09:32:18 The file C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\SavMain.exe does not exist(2)
    2016-06-23 09:32:18 The file C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\SavProgress.exe does not exist(2)
    2016-06-23 09:32:18 The file C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\DesktopMessaging.dll does not exist(2)
    2016-06-23 09:32:18 The file C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\SavShellExt.dll does not exist(2)
    2016-06-23 09:32:18 There is an incomplete SAV installation, forcing a Major Update to recover
    2016-06-23 09:32:18 Info: Performing major update of Sophos Anti-Virus using msi.
    2016-06-23 09:32:18 Info: Update is signalled.
    2016-06-23 09:32:18 In KB2918614Workaround().
    2016-06-23 09:32:18 Leaving KB2918614Workaround().
    2016-06-23 09:32:18 Product code of SAV currently installed: {D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}
    2016-06-23 09:32:18 Product code of SAV to be installed:     {09863DA9-7A9B-4430-9561-E04D178D7017}
    2016-06-23 09:32:18 ERROR: GetVersion - Unable to load the new Factory file, path = C:\ProgramData\Sophos\Sophos Anti-Virus\Config\Factory.xml
    2016-06-23 09:32:18 ProductCode change detected
    2016-06-23 09:32:18 Info: Detected an older version of SAV, version 10.3. Doing a major update.
    2016-06-23 09:32:18 Info: Set Update Begin
    2016-06-23 09:32:18 Unable to create an instance of ComponentManager - SystemInformation will not be informed of the update (0x80040154)
    2016-06-23 09:32:18 Info: Stop SAVService
    2016-06-23 09:32:18 Info: Convert boot tasks
    2016-06-23 09:32:18 Info: CopyFilesToTemp
    2016-06-23 09:32:18 ERROR: StoreTempFiles - failed to copy machine file - not present, hr = 0x0
    2016-06-23 09:32:18 Warning: configuration will not be preserved
    2016-06-23 09:32:18 Info: Reading overrides from registry
    2016-06-23 09:32:18 Info: Uninstall old SAV
    2016-06-23 09:32:18 PatchInstalledSavForRemoveSAVI: SAV version '10.3.11' installed, needs patching
    2016-06-23 09:32:18 PatchInstalledSavForRemoveSAVI: Disabling the 'RemoveSAVI' custom action
    2016-06-23 09:32:18 PatchInstalledSavForRemoveSAVI: Disabling the 'DeleteOtherFiles' custom action
    2016-06-23 09:32:18 PatchInstalledSavForRemoveSAVI: Committing changes
    2016-06-23 09:32:18 PatchInstalledSavForDeleteUserGroups: SAV version '10.3.11' installed, needs patching
    2016-06-23 09:32:18 PatchInstalledSavForDeleteUserGroups: Disabling the 'DeleteUserGroups' custom action
    2016-06-23 09:32:18 PatchInstalledSavForDeleteUserGroups: Committing changes
    2016-06-23 09:32:18 Info: Running Uninstall of previous version using command line: msiexec.exe /x {D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4} REBOOT=ReallySuppress /qn  UNINSTALLDRIVERS=1 UNINSTALLCLASSFILTER=0 UNINSTALLBOOTDRIVERS=1 UNINSTALLKMSDRIVERS=1 CHECKFORSCF=0  INSTALLINGVERSION="10.6.3.537" /Lvp "C:\Windows\TEMP\Sophos Anti-Virus Uninstall log.txt"
    2016-06-23 09:32:37 Info: Finished waiting for Uninstallation of previous version. Status returned was 0l.
    2016-06-23 09:32:37 GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll does not exist, no further action.
    2016-06-23 09:32:37 PROCESSOR_ARCHITECTURE environment variable is: AMD64
    2016-06-23 09:32:37 GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll does not exist, no further action.
    2016-06-23 09:32:37 GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\detoured.dll does not exist, no further action.
    2016-06-23 09:32:37 Deleting config file folder
    2016-06-23 09:32:37 Failed to delete config folder, 2
    2016-06-23 09:32:37 Info: Detected version of SAV has major version number: 10
    2016-06-23 09:32:37 Info: Detected version of SAV has minor version number: 3
    2016-06-23 09:32:37 ERROR: Uninstall of SAV, version = 10.3.11, succeeded but IsSAVInstalled is true (10.3.11).
    2016-06-23 09:32:37 ERROR: Upgrade failure
    2016-06-23 09:32:37 Info: Set Update Failed
    2016-06-23 09:32:37 Unable to create an instance of ComponentManager - SystemInformation cannot be informed of end of update

  • Oh Crap Sorry!

    [Edit by QC] I've deleted the large post with the complete Sophos Anti-Virus Uninstall log.txt and instead posted the relevant lines here

    MSI (s) (10:40) [09:42:28:114]: Executing op: ActionStart(Name=UninstallDriverFiles64Vista,,)
    MSI (s) (10:40) [09:42:28:115]: Executing op: CustomActionSchedule(Action=UninstallDriverFiles64Vista,ActionType=1058,Source=C:\Windows\SysWOW64\,Target="C:\Program Files (x86)\Sophos\Sophos Anti-Virus\NATIVE.EXE" /lhu "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVONACCESSDRIV.INF",)
    MSI (s) (10:40) [09:42:28:115]: Note: 1: 1721 2: UninstallDriverFiles64Vista 3: C:\Windows\SysWOW64\ 4: "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\NATIVE.EXE" /lhu "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVONACCESSDRIV.INF"
    MSI (s) (10:40) [09:42:28:115]: Product: Sophos Anti-Virus -- Error 1721.There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: UninstallDriverFiles64Vista, location: C:\Windows\SysWOW64\, command: "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\NATIVE.EXE" /lhu "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVONACCESSDRIV.INF"

    MSI (s) (10:40) [09:42:28:119]: User policy value 'DisableRollback' is 0
    MSI (s) (10:40) [09:42:28:119]: Machine policy value 'DisableRollback' is 0
    Action ended 9:42:28: InstallFinalize. Return value 3.

    [/Edit]

  • Hello BillFolger,

    guess the C:\Program Files (x86)\Sophos\Sophos Anti-Virus\ folder does exist but is pretty empty, isn't it?

    The following has helped in similar situations (coincidentally I had one case last week)

    • stop the Sophos AutoUpdate Service so that it won't interfere
    • copy native.exe from C:\ProgramData\Sophos\AutoUpdate\Cache\savxp\native\amd64\ to the above mentioned folder
    • do the same for the files in the ...\Cache\savxp\drivers\onaccess\win7_amd64\, ...\drivers\boottasks\, and ...\drivers\sdcfilter\win7_amd64\ folders (note: all files go to ...\Sophos Anti-Virus\ not to subfolders)
    • either uninstall Sophos Anti-Virus from the Control Panel's Programs and Features or simply start the AutoUpdate service, wait for or force an update which should then succeed

    Ideally you should use the files belonging to the installed version (BTW: the logs suggest it's 10.3.11 which is about a year old) but usually it works

    Christian

  • YES!

    It's up and working with 10.6.

    Thank You Christian!

  • Hi,

    Had a similar problem on a machine today. Followed your instructions as above and all okay (Thank you!), SAVXP error message disappeared but has now created a new error:

    Event Decode Unavailable (Event Number: "-2147024891" Message Code" "SAVXP.2147942405" Inserts: "Access is denied.","","","","" [0x80070005]

    I came across this link

    https://community.sophos.com/products/endpoint-security-control/f/sophos-endpoint-software/3934/event-decode-unavailable-event-number--2147024891-message-code-savxp-2147942404

    The version on the SEC is 10.7.2.46 and the one on the client is 10.7.2.49

    We are on SEC 5.5 and have over 4900 happy machines, so I am reluctant to roll back the DLL on the SEC?

    Would I be better off uninstalling again and then copy the files above from a known working machine?

    Thanks

  • Hello pdturbo80,

    what's the corresponding event on the endpoint?
    As far as I can see the event number is not contained in SavRes.dll - neither 10.7.2.46 nor 10.7.2.49 (the message tables are identical so you don't have to copy anything). The message is just that, Access denied, the numbers are simply the int, uint, and hex representation of the same value.

    Christian
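Added example, not part of the original thread: a Python helper showing that the three numbers in the event above are one 32-bit status value, and splitting it into the standard HRESULT fields (failure bit, facility, code). The function names and the one-entry name table are assumptions made for this illustration.

```python
# FACILITY_WIN32 (7) wraps an ordinary Win32 error code in the low 16 bits.
WIN32_NAMES = {5: "ERROR_ACCESS_DENIED"}  # only the code seen in this thread

def decode_status(value):
    """Accept a signed int, unsigned int or hex string and return all three forms."""
    n = int(value, 0) if isinstance(value, str) else int(value)
    unsigned = n & 0xFFFFFFFF                      # reinterpret as 32-bit unsigned
    signed = unsigned - (1 << 32) if unsigned & 0x80000000 else unsigned
    facility = (unsigned >> 16) & 0x7FF            # HRESULT bits 16-26
    code = unsigned & 0xFFFF                       # HRESULT bits 0-15
    return {
        "signed": signed, "unsigned": unsigned, "hex": f"0x{unsigned:08X}",
        "failure": bool(unsigned >> 31), "facility": facility, "code": code,
        "win32": WIN32_NAMES.get(code) if facility == 7 else None,
    }

def same_value(*values):
    """True when every input is a different rendering of one 32-bit status."""
    return len({decode_status(v)["unsigned"] for v in values}) == 1

if __name__ == "__main__":
    # Event Number, Message Code suffix and bracketed hex from the event text.
    print(same_value(-2147024891, 2147942405, "0x80070005"))
    print(decode_status(-2147024891))
```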