
Sophos Anti-Virus will not install on one PC

I'm currently having an issue with just one PC.  This started a month or so ago when 10.6.4 was applied to all of the clients via the Recommended update policy.  Network Threat Protection, System Protection, Remote Management System, AutoUpdate and Endpoint Defense all install properly, but the Anti-Virus portion fails.  Has anyone seen this before?  The PC is a Windows 7 32-bit machine.  I've removed and reinstalled several times.  I've also tried the instructions in this post to no avail:  community.sophos.com/.../57500

Thanks.

KiR



  • Can you attach or link (Pastebin?) the SAV MSI install and custom action log files from the failed install:

    %windir%\Temp\

    • Sophos Anti-Virus Install Log_(datetime).txt
    • Sophos Anti-Virus CustomActions Log_(datetime).txt

      They are a pair; the date and time are the same for the two files.

    Regards,

    Jak

  • Hi Jak,

    The logs are below:

    http://pastebin.com/jDvJFehB

    http://pastebin.com/XFANwzZW

     

    Thanks for your assistance!

    KiR

  • Hi Christian,

    Thank you for taking the time to look at the logs.  Unfortunately, that's one of the first things I checked.

    KiR

  • Hello KiR,

    Too bad this isn't the cause. Wonder if it then is the AppInit_DLLs key?

    Christian

  • Hi Christian,

    OK, there is definitely something wrong with the Windows registry key.  The permissions on the HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows look fine, but I just noticed that the key is empty.  I tried to import from another computer and I get a cannot import error:  "Not all data was successfully written to the registry.  Some keys are open by the system or other processes".  I used both Process Explorer and Resource Manager and they aren't showing anything locking the key.  However, when I attempt to modify the permissions, I receive an "Unable to save permission changes on Windows.  A device attached to the system is not functioning." error.  This is going to be fun!

    Thanks.

    KiR

  • Hi,

    If you just want to get Sophos installed for now, you could try creating the following keys:

    64-bit computers:
    [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\SAVService\SetupOptions]
    "DetourDLLState"="excluded"

    32-bit computers:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SAVService\SetupOptions]
    "DetourDLLState"="excluded"

    As this causes the custom actions in the SAV MSI to skip adding detours, it might at least allow you to get the computer protected I would think.  

    You could then probably just add the keys manually at a later time and remove the above DetourDLLState keys.

    Note: Not having detours will prevent certain aspects of Data Control from working and will remove Buffer Overflow.

    Hope it offers something while you fix the permission issue.

    Regards,


    Jak
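
A read-only check for the state discussed in this thread, as an added example that is not part of the original posts or Sophos's own tooling: it reports whether the `DetourDLLState` workaround value is still set and whether the `Windows` key that holds `AppInit_DLLs` can be read and has any values. The function names are hypothetical, and `LoadAppInit_DLLs` is a standard Windows value that the thread does not mention.

```powershell
# Added example: audits only, changes nothing. Run from an elevated prompt.
# Uses New-Object PSObject so it also runs on the PowerShell 2.0 shipped with Windows 7.
$setupOptionPaths = @(
    'HKLM:\SOFTWARE\WOW6432Node\Sophos\SAVService\SetupOptions',  # 64-bit computers
    'HKLM:\SOFTWARE\Sophos\SAVService\SetupOptions'               # 32-bit computers
)

function Get-DetourWorkaroundState {
    # Returns one object per SetupOptions key that carries a DetourDLLState value.
    foreach ($path in $setupOptionPaths) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $props = Get-ItemProperty -LiteralPath $path -ErrorAction SilentlyContinue
        if ($null -ne $props -and $props.PSObject.Properties['DetourDLLState']) {
            New-Object PSObject -Property @{
                Path           = $path
                DetourDLLState = $props.DetourDLLState
            }
        }
    }
}

function Get-WindowsKeyState {
    # Reports whether the key can be opened and whether it is empty, the symptom seen in the thread.
    $path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    $state = @{ Readable = $false; ValueCount = $null; AppInit_DLLs = $null
                LoadAppInit_DLLs = $null; Error = $null }
    try {
        $key = Get-Item -LiteralPath $path -ErrorAction Stop
        $state.Readable         = $true
        $state.ValueCount       = @($key.GetValueNames()).Count
        $state.AppInit_DLLs     = $key.GetValue('AppInit_DLLs')
        $state.LoadAppInit_DLLs = $key.GetValue('LoadAppInit_DLLs')
    } catch {
        $state.Error = $_.Exception.Message
    }
    New-Object PSObject -Property $state
}

$workaround = @(Get-DetourWorkaroundState)
$windowsKey = Get-WindowsKeyState
$workaround | Format-List
$windowsKey | Format-List

if ($workaround | Where-Object { $_.DetourDLLState -eq 'excluded' }) {
    Write-Warning 'DetourDLLState is "excluded": detours were skipped, so parts of Data Control and Buffer Overflow protection are not active.'
}
if ($windowsKey.Readable -and $windowsKey.ValueCount -eq 0) {
    Write-Warning 'The Windows key has no values; the underlying registry problem is still present.'
}
```

Running it across the estate after the registry problem is repaired shows which machines still carry the temporary `DetourDLLState` value.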

  • Jak!  You are a genius!  I created the key you suggested and forced an update.  The Anti-Virus portion of Sophos installed with no issues.  We still have the permissions issue with that key, but I think there's a bigger issue in play there.  Anyway, thank you so much for your help!!!

    KiR