Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 25 replies
  • Answers 1 answer
  • Subscribers 7 subscribers
  • Views 85212 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Update - Failed to install SAVXP: A previous version could not...

LorenAnuszewski

Hi...

I'm receving the following in SEC  "00000067 Failed to install SAVXP. A previous version could not be uninstalled"

and in the Sophos Antivirus uninstall log

CustomAction UninstallDriverFiles64Vista returned actual error code -1079 (note this may not be 100% accurate if translation happened inside sandbox)
MSI (s) (38:30) [10:10:19:389]: Product: Sophos Anti-Virus -- Error 1722.There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action UninstallDriverFiles64Vista, location: C:\Windows\SysWOW64\, command: "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\NATIVE.EXE" /lhu "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVONACCESSDRIV.INF"

I read a post recommeding copying NATIVE.EXE from the CIDS directory because it was not there, however I receive the same results.

Any insight would be much appreciated!



This thread was automatically locked due to age.
  • 0 in reply to QC

    Hi Christian,

    Thank you. Looks like that key is there and the service is NT\SntpService. I checked the permissions SYSTEMS and Administrators have Full Control, SntPService has read but SAVService is not listed..

  • 0 in reply to pdturbo80

    Hello Peter,

    guess the SAVService permission isn't required at this point but maybe the value is. Please add it and give it a try.

    Christian

  • 0 in reply to QC

    Hi,

    I'll give it a try.

    Thanks

    Peter

  • 0 in reply to pdturbo80

    Hi QC,

     

    I've the same issue here and will attach my log files here from one of the User's Machine.

    Fullscreen 3157.Sophos Anti-Virus Major CustomActions Log_171101_095051.txt Download 
    2017-11-01 12:50:52 ExtractClassicConfig: Action started

2017-11-01 12:50:52 ExtractClassicConfig: Action succeeded

2017-11-01 12:50:52 PreInstallChecks: Action started

2017-11-01 12:50:52 PreInstallChecks: Action succeeded

2017-11-01 12:50:52 SetClassFilterPresentProperty: Action started

2017-11-01 12:50:52 SetClassFilterPresentProperty: Setting class filter present property to: 1

2017-11-01 12:50:52 SetClassFilterPresentProperty: Action succeeded

2017-11-01 12:50:52 SetDriverProperty: Action started

2017-11-01 12:50:52 SetDriverProperty: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2017-11-01 12:50:52 SetDriverProperty: Action succeeded

2017-11-01 12:50:52 SetProcessorProperties: Action started

2017-11-01 12:50:52 SetProcessorProperties: Action succeeded

2017-11-01 12:50:52 SetRestoreExcludedProcessesProperty: Action started

2017-11-01 12:50:52 SetRestoreExcludedProcessesProperty: SetRestoreExcludedProcessesProperty

2017-11-01 12:50:52 SetRestoreExcludedProcessesProperty: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2017-11-01 12:50:52 SetRestoreExcludedProcessesProperty: Action succeeded

2017-11-01 12:50:58 CheckRegForNullDACLs: Action started

2017-11-01 12:50:58 CheckRegForNullDACLs: Action succeeded

2017-11-01 12:50:58 SetUpdateBegin: Action started

2017-11-01 12:50:58 SetUpdateBegin: Action succeeded

2017-11-01 12:50:58 CloseSavMainWindow: Action started

2017-11-01 12:50:58 CloseSavMainWindow: Action succeeded

2017-11-01 12:50:58 DisableServices: Action started

2017-11-01 12:50:59 DisableServices: Action succeeded

2017-11-01 12:51:00 ForceStopSAVService: Action started

2017-11-01 12:51:00 ForceStopSAVService: ForceStopService: Stopping SAVService

2017-11-01 12:51:01 ForceStopSAVService: ForceStopService: Checking if service is still running

2017-11-01 12:51:01 ForceStopSAVService: ForceStopService: Stopping SAVAdminService

2017-11-01 12:51:01 ForceStopSAVService: ForceStopService: Checking if service is still running

2017-11-01 12:51:01 ForceStopSAVService: ForceStopSAVService: Services have been stopped

2017-11-01 12:51:01 ForceStopSAVService: Action succeeded

2017-11-01 12:51:01 WaitForSAVService: Action started

2017-11-01 12:51:01 WaitForSAVService: WaitForSAVService: Walking system processes...

2017-11-01 12:51:01 WaitForSAVService: WaitForSAVService: Finished walking system processes.

2017-11-01 12:51:01 WaitForSAVService: Action succeeded

2017-11-01 12:51:01 CheckUninstallDrivers: Action started

2017-11-01 12:51:01 CheckUninstallDrivers: IsServiceInstalled: Unable to get a handle to requested service SAVOnAccess control. Returning false.

2017-11-01 12:51:01 CheckUninstallDrivers: IsServiceInstalled: Unable to get a handle to requested service SAVOnAccess filter. Returning false.

2017-11-01 12:51:01 CheckUninstallDrivers: Action succeeded

2017-11-01 12:51:01 DeleteIDEs: Action started

2017-11-01 12:51:01 DeleteIDEs: Action succeeded

2017-11-01 12:51:01 DeleteBDLs: Action started

2017-11-01 12:51:01 DeleteBDLs: Action succeeded

2017-11-01 12:51:01 DeleteHIPSConfig: Action started

2017-11-01 12:51:01 DeleteHIPSConfig: Action succeeded

2017-11-01 12:51:01 RemoveFilesOnUpgrade: Action started

2017-11-01 12:51:01 RemoveFilesOnUpgrade: Action succeeded

2017-11-01 12:51:01 UpdateSavAdapterDll: Action started

2017-11-01 12:51:11 UpdateSavAdapterDll: Action succeeded

2017-11-01 12:51:11 UpdateDesktopMessaging: Action started

2017-11-01 12:51:11 UpdateDesktopMessaging: UpdateDesktopMessaging: Could not delete SAVPlugin registry key(2)

2017-11-01 12:51:11 UpdateDesktopMessaging: Action succeeded

2017-11-01 12:51:11 CopyOtherFiles: Action started

2017-11-01 12:51:11 CopyOtherFiles: CopyOtherFiles custom action - Copying other driver files

2017-11-01 12:51:11 CopyOtherFiles: Copying class filter source: C:\ProgramData\Sophos\AutoUpdate\cache\savxp\drivers\sdcfilter\win7_amd64\SDCFILTER.INF, target: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\

2017-11-01 12:51:11 CopyOtherFiles: Copying boot driver source: C:\ProgramData\Sophos\AutoUpdate\cache\savxp\drivers\boottasks\win7_amd64\SOPHOSBOOTDRIVER.INF, target: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\

2017-11-01 12:51:11 CopyOtherFiles: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll detoured exists, proceeding to rename it & mark for delete.

2017-11-01 12:51:11 CopyOtherFiles: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2017-11-01 12:51:11 CopyOtherFiles: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll detoured exists, proceeding to rename it & mark for delete.

2017-11-01 12:51:11 CopyOtherFiles: Copying boot tasks source: C:\ProgramData\Sophos\AutoUpdate\cache\savxp\drivers\boottasks\win7_amd64\SophosBootTasks.exe, target: C:\Windows\system32\

2017-11-01 12:51:11 CopyOtherFiles: Action succeeded

2017-11-01 12:51:11 ForceDeleteUserPlugin: Action started

2017-11-01 12:51:11 ForceDeleteUserPlugin: Error deleting DesktopMessaging registry key. Returned error was: The system cannot find the file specified.



2017-11-01 12:51:11 ForceDeleteUserPlugin: Error deleting user pluging registry key. Returned error was: The system cannot find the file specified.



2017-11-01 12:51:11 ForceDeleteUserPlugin: Action succeeded

2017-11-01 12:51:11 RegisterBufferOverflowProtection: Action started

2017-11-01 12:51:11 RegisterBufferOverflowProtection: BopsUnregister: could not get short path to DLL. It will not be unregistered.

2017-11-01 12:51:11 RegisterBufferOverflowProtection: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\detoured.dll does not exist, no further action.

2017-11-01 12:51:11 RegisterBufferOverflowProtection: BOPS path already exists

2017-11-01 12:51:11 RegisterBufferOverflowProtection: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2017-11-01 12:51:11 RegisterBufferOverflowProtection: BOPS path already exists

2017-11-01 12:51:11 RegisterBufferOverflowProtection: Action succeeded

2017-11-01 12:51:11 RestoreExcludedProcesses: Action started

2017-11-01 12:51:11 RestoreExcludedProcesses: RestoreExcludedProcesses

2017-11-01 12:51:11 RestoreExcludedProcesses: Empty excluded processes property. Nothing to be done.

2017-11-01 12:51:11 RestoreExcludedProcesses: Action succeeded

2017-11-01 12:51:11 StartDriverServices: Action started

2017-11-01 12:51:11 StartDriverServices: IsServiceRunning: Unable to get a handle to requested service skmscan. Returning false.

2017-11-01 12:51:11 StartDriverServices: Unable to get a handle to kms service - service will not be started until next reboot

2017-11-01 12:51:11 StartDriverServices: Mini filter service is running

2017-11-01 12:51:11 StartDriverServices: Action succeeded

2017-11-01 12:51:14 CreateUserGroups: Action started

2017-11-01 12:51:14 CreateUserGroups: Unable to create local SophosUserGroup

2017-11-01 12:51:14 CreateUserGroups: Unable to create local SophosPowerGroup

2017-11-01 12:51:14 CreateUserGroups: Unable to create local SophosAdminGroup

2017-11-01 12:51:14 CreateUserGroups: Unable to create local OnAccessGroup

2017-11-01 12:51:15 CreateUserGroups: Local name of well-known group Administrators is Administrators

2017-11-01 12:51:15 CreateUserGroups: Local name of well-known group PowerUsers is Power Users

2017-11-01 12:51:15 CreateUserGroups: Local name of well-known group Users is Users

2017-11-01 12:51:15 CreateUserGroups: SophosUser already exists - skipped adding members

2017-11-01 12:51:15 CreateUserGroups: SophosPowerUser already exists - skipped adding members

2017-11-01 12:51:15 CreateUserGroups: SophosAdministrator already exists - skipped adding members

2017-11-01 12:51:15 CreateUserGroups: Adding LOCAL SYSTEM to the SophosAdministrator role in the machine file

2017-11-01 12:51:15 CreateUserGroups: No need to restart Sophos Agent service

2017-11-01 12:51:15 CreateUserGroups: Action succeeded

2017-11-01 12:51:15 PurgeIOfficeAVCache: Action started

2017-11-01 12:51:15 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2017-11-01 12:51:15 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2017-11-01 12:51:15 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2017-11-01 12:51:15 PurgeIOfficeAVCache: Opened key name S-1-5-21-1645522239-287218729-682003330-465432\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}

2017-11-01 12:51:15 PurgeIOfficeAVCache: Unable to remove Enum sub key: 0x2

2017-11-01 12:51:15 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2017-11-01 12:51:15 PurgeIOfficeAVCache: Opened key name S-1-5-21-1645522239-287218729-682003330-465432\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}

2017-11-01 12:51:15 PurgeIOfficeAVCache: Unable to remove Enum sub key: 0x2

2017-11-01 12:51:15 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2017-11-01 12:51:15 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2017-11-01 12:51:15 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2017-11-01 12:51:15 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2017-11-01 12:51:15 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2017-11-01 12:51:15 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2017-11-01 12:51:15 PurgeIOfficeAVCache: Action succeeded

2017-11-01 12:51:15 EnableAttachmentScanning: Action started

2017-11-01 12:51:15 EnableAttachmentScanning: ScanWithAntiVirus value is already set to 3

2017-11-01 12:51:15 EnableAttachmentScanning: Action succeeded

2017-11-01 12:51:15 AddDomainGroups: Action started

2017-11-01 12:51:15 AddDomainGroups: Found SophosDomainUser group

2017-11-01 12:51:15 AddDomainGroups: Found SophosDomainPowerUser group

2017-11-01 12:51:15 AddDomainGroups: Found SophosDomainAdministrator group

2017-11-01 12:51:15 AddDomainGroups: Added SophosDomainAdministrator group to SophosAdministrator group

2017-11-01 12:51:15 AddDomainGroups: Added SophosDomainPowerUser group to SophosPowerUser group

2017-11-01 12:51:15 AddDomainGroups: Added SophosDomainUser group to SophosUser group

2017-11-01 12:51:15 AddDomainGroups: Action succeeded

2017-11-01 12:51:17 UpdateSAVI: Action started

2017-11-01 12:51:18 UpdateSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate

2017-11-01 12:51:18 UpdateSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__

2017-11-01 12:51:18 UpdateSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate

2017-11-01 12:51:18 UpdateSAVI: UpdateRequest signalled

2017-11-01 12:51:18 UpdateSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended

2017-11-01 12:51:18 UpdateSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__

2017-11-01 12:51:18 UpdateSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended

2017-11-01 12:51:18 UpdateSAVI: MSCM version orig: 0.3.0.90 new: 0.3.0.90

2017-11-01 12:51:19 UpdateSAVI: SAVI dll was installed successfully

2017-11-01 12:51:19 UpdateSAVI: Action succeeded

2017-11-01 12:51:19 SetFolderPermissions: Action started

2017-11-01 12:51:19 SetFolderPermissions: We are running on XP or higher - adding LocalService to permissions on config files

2017-11-01 12:51:19 SetFolderPermissions: We are running on XP or higher - adding LocalService to permissions on config files

2017-11-01 12:51:19 SetFolderPermissions: Action succeeded

2017-11-01 12:51:24 CreateTamperProtectionRegKey: Action started

2017-11-01 12:51:24 CreateTamperProtectionRegKey: Action succeeded

2017-11-01 12:51:24 SetServiceXP: Action started

2017-11-01 12:51:24 SetServiceXP: Action succeeded

2017-11-01 12:51:24 SetSAVServiceSID: Action started

2017-11-01 12:51:24 SetSAVServiceSID: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2017-11-01 12:51:24 SetSAVServiceSID: Action succeeded

2017-11-01 12:51:24 SetServiceSecurity: Action started

2017-11-01 12:51:25 SetServiceSecurity: Adding SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP to SavService launch permissions

2017-11-01 12:51:25 SetServiceSecurity: Adding SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP to SavService launch permissions

2017-11-01 12:51:25 SetServiceSecurity: Action succeeded

2017-11-01 12:51:25 SetServiceRecoveryActions: Action started

2017-11-01 12:51:26 SetServiceRecoveryActions: Action succeeded

2017-11-01 12:51:26 InstallDeviceControl: Action started

2017-11-01 12:51:26 InstallDeviceControl: InstallDeviceControlInstallDeviceControl: Failed to copy sdcservice (0x80070020)

2017-11-01 12:51:26 InstallDeviceControl: Action succeeded

2017-11-01 12:51:26 RemoveTamperProtectionRegKey: Action started

2017-11-01 12:51:26 RemoveTamperProtectionRegKey: Action succeeded

2017-11-01 12:51:35 UpdateDesktopMessaging: Action started

2017-11-01 12:51:35 UpdateDesktopMessaging: UpdateDesktopMessaging: Could not delete SAVPlugin registry key(2)

2017-11-01 12:51:35 UpdateDesktopMessaging: Action succeeded

2017-11-01 12:51:35 RollbackUpdateSavAdapterDll: Action started

2017-11-01 12:51:35 RollbackUpdateSavAdapterDll: Action succeeded

2017-11-01 12:51:40 RollbackDisableServices: Action started

2017-11-01 12:51:40 RollbackDisableServices: Action succeeded

2017-11-01 12:51:40 RunErrorScripts: Action started

2017-11-01 12:51:40 RunErrorScripts: Action succeeded

2017-11-01 12:51:40 RestoreMovedFiles: Action started

2017-11-01 12:51:40 RestoreMovedFiles: Action succeeded

2017-11-01 12:51:40 SetUpdateFailed: Action started

2017-11-01 12:51:47 SetUpdateFailed: Action succeeded

    Please advise for solution.

    Regards.

  • 0 in reply to Faisal Raza1

    Hello Faisal,

    hm, it's not obvious what failure has actually been considered as fatal. What does the corresponding Install (or uninstall) log say?

    Christian

Unfiltered HTML