Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 3 subscribers
  • Views 20194 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Multiple components fail to install.

Christian Pennington

Hey all,

I'm an IT tech trying to deploy Sophos and ran into an issue with one specific laptop. Sophos Central shows that the PC has failed to be protected in addition to failing to install ntp. However, when I launch Health, I can see under the Installed Components that about 6 components failed to install as well. I'm not at the PC at the moment so I can't say which ones specifically. I do have the latest logs attached.

I also found an article about disabling AutoUpdate and renaming some folders, but I couldn't disable AutoUpdate because, for some reason, access was denied.

Any help will be much appreciated.

Sophos Anti-Virus Major Install Log_170718_035853.txt

Fullscreen 3678.Sophos Anti-Virus Major CustomActions Log_170718_035853.txt Download 
2017-07-18 10:58:57 ExtractClassicConfig: Action started

2017-07-18 10:58:57 ExtractClassicConfig: Action succeeded

2017-07-18 10:58:58 PreInstallChecks: Action started

2017-07-18 10:58:58 PreInstallChecks: Action succeeded

2017-07-18 10:58:58 SetBootDriverStartupProperty: Action started

2017-07-18 10:58:58 SetBootDriverStartupProperty: Boot driver: not installed.

2017-07-18 10:58:58 SetBootDriverStartupProperty: Action succeeded

2017-07-18 10:58:58 SetClassFilterPresentProperty: Action started

2017-07-18 10:58:58 SetClassFilterPresentProperty: Setting class filter present property to: 1

2017-07-18 10:58:58 SetClassFilterPresentProperty: Action succeeded

2017-07-18 10:58:58 SetDriverProperty: Action started

2017-07-18 10:58:58 SetDriverProperty: PROCESSOR_ARCHITECTURE environment variable is: x86

2017-07-18 10:58:58 SetDriverProperty: Action succeeded

2017-07-18 10:58:58 SetProcessorProperties: Action started

2017-07-18 10:58:58 SetProcessorProperties: Action succeeded

2017-07-18 10:58:58 SetRestoreExcludedProcessesProperty: Action started

2017-07-18 10:58:58 SetRestoreExcludedProcessesProperty: SetRestoreExcludedProcessesProperty

2017-07-18 10:58:58 SetRestoreExcludedProcessesProperty: PROCESSOR_ARCHITECTURE environment variable is: x86

2017-07-18 10:58:58 SetRestoreExcludedProcessesProperty: Action succeeded

2017-07-18 10:59:04 CheckRegForNullDACLs: Action started

2017-07-18 10:59:04 CheckRegForNullDACLs: Action succeeded

2017-07-18 10:59:04 WaitForSAVService: Action started

2017-07-18 10:59:04 WaitForSAVService: WaitForSAVService: Walking system processes...

2017-07-18 10:59:04 WaitForSAVService: WaitForSAVService: Finished walking system processes.

2017-07-18 10:59:04 WaitForSAVService: Action succeeded

2017-07-18 10:59:05 CheckUninstallDrivers: Action started

2017-07-18 10:59:05 CheckUninstallDrivers: IsServiceInstalled: Unable to get a handle to requested service SAVOnAccess control. Returning false.

2017-07-18 10:59:05 CheckUninstallDrivers: IsServiceInstalled: Unable to get a handle to requested service SAVOnAccess filter. Returning false.

2017-07-18 10:59:05 CheckUninstallDrivers: Action succeeded

2017-07-18 10:59:05 DeleteIDEs: Action started

2017-07-18 10:59:05 DeleteIDEs: Action succeeded

2017-07-18 10:59:05 DeleteBDLs: Action started

2017-07-18 10:59:05 DeleteBDLs: Action succeeded

2017-07-18 10:59:05 DeleteHIPSConfig: Action started

2017-07-18 10:59:05 DeleteHIPSConfig: Action succeeded

2017-07-18 10:59:05 UpdateSavAdapterDll: Action started

2017-07-18 10:59:15 UpdateSavAdapterDll: Action succeeded

2017-07-18 10:59:15 UpdateDesktopMessaging: Action started

2017-07-18 10:59:15 UpdateDesktopMessaging: UpdateDesktopMessaging: Could not delete SAVPlugin registry key(2)

2017-07-18 10:59:15 UpdateDesktopMessaging: Action succeeded

2017-07-18 10:59:15 CopyOtherFiles: Action started

2017-07-18 10:59:15 CopyOtherFiles: CopyOtherFiles custom action - Copying other driver files

2017-07-18 10:59:15 CopyOtherFiles: Copying class filter source: C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\drivers\sdcfilter\win7_i386\SDCFILTER.INF, target: C:\Program Files\Sophos\Sophos Anti-Virus\

2017-07-18 10:59:15 CopyOtherFiles: Copying boot driver source: C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\drivers\boottasks\win7_i386\SOPHOSBOOTDRIVER.INF, target: C:\Program Files\Sophos\Sophos Anti-Virus\

2017-07-18 10:59:15 CopyOtherFiles: Copying kms source: C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\drivers\kms\win7_i386\SKMSCAN.INF, target: C:\Program Files\Sophos\Sophos Anti-Virus\

2017-07-18 10:59:15 CopyOtherFiles: GetRidOfExistingDetoured - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll detoured exists, proceeding to rename it & mark for delete.

2017-07-18 10:59:15 CopyOtherFiles: PROCESSOR_ARCHITECTURE environment variable is: x86

2017-07-18 10:59:15 CopyOtherFiles: Copying boot tasks source: C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\drivers\boottasks\win7_i386\SophosBootTasks.exe, target: C:\Windows\system32\

2017-07-18 10:59:15 CopyOtherFiles: Action succeeded

2017-07-18 10:59:15 RegisterBufferOverflowProtection: Action started

2017-07-18 10:59:15 RegisterBufferOverflowProtection: BopsUnregister: could not get short path to DLL. It will not be unregistered.

2017-07-18 10:59:15 RegisterBufferOverflowProtection: GetRidOfExistingDetoured - C:\Program Files\Sophos\Sophos Anti-Virus\detoured.dll does not exist, no further action.

2017-07-18 10:59:15 RegisterBufferOverflowProtection: BOPS path already exists

2017-07-18 10:59:15 RegisterBufferOverflowProtection: PROCESSOR_ARCHITECTURE environment variable is: x86

2017-07-18 10:59:15 RegisterBufferOverflowProtection: Action succeeded

2017-07-18 10:59:15 RestoreExcludedProcesses: Action started

2017-07-18 10:59:15 RestoreExcludedProcesses: RestoreExcludedProcesses

2017-07-18 10:59:15 RestoreExcludedProcesses: Empty excluded processes property. Nothing to be done.

2017-07-18 10:59:15 RestoreExcludedProcesses: Action succeeded

2017-07-18 10:59:15 InstallDriverFromInf: Action started

2017-07-18 10:59:15 InstallDriverFromInf: Executing RunInfSection with DefaultInstall and DefaultInstall.Services

2017-07-18 10:59:15 InstallDriverFromInf: Running inf file C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\drivers\onaccess\win7_i386\SAVONACCESSDRIV.INF with installFileSection DefaultInstall

2017-07-18 10:59:16 InstallDriverFromInf: Action succeeded

2017-07-18 10:59:16 InstallClassFilterFromInf: Action started

2017-07-18 10:59:16 InstallClassFilterFromInf: Executing RunInfSection with DefaultInstall and DefaultInstall.Services

2017-07-18 10:59:16 InstallClassFilterFromInf: Running inf file C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\drivers\sdcfilter\win7_i386\sdcfilter.inf with installFileSection DefaultInstall

2017-07-18 10:59:16 InstallClassFilterFromInf: Action succeeded

2017-07-18 10:59:16 InstallDriverFromInf: Action started

2017-07-18 10:59:16 InstallDriverFromInf: Executing RunInfSection with DefaultInstall and DefaultInstall.Services

2017-07-18 10:59:16 InstallDriverFromInf: Running inf file C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\drivers\boottasks\win7_i386\SOPHOSBOOTDRIVER.INF with installFileSection DefaultInstall

2017-07-18 10:59:16 InstallDriverFromInf: Action succeeded

2017-07-18 10:59:16 InstallDriverFromInf: Action started

2017-07-18 10:59:16 InstallDriverFromInf: Executing RunInfSection with DefaultInstall and DefaultInstall.Services

2017-07-18 10:59:16 InstallDriverFromInf: Running inf file C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\drivers\kms\win7_i386\skmscan.inf with installFileSection DefaultInstall

2017-07-18 10:59:16 InstallDriverFromInf: Action succeeded

2017-07-18 10:59:16 StartDriverServices: Action started

2017-07-18 10:59:16 StartDriverServices: Action succeeded

2017-07-18 10:59:20 UninstallDriverFromInf: Action started

2017-07-18 10:59:20 UninstallDriverFromInf: Executing RunInfSection with DefaultUninstall and DefaultUninstall.Services

2017-07-18 10:59:20 UninstallDriverFromInf: Running inf file C:\Program Files\Sophos\Sophos Anti-Virus\skmscan.inf with installFileSection DefaultUninstall

2017-07-18 10:59:20 UninstallDriverFromInf: Action succeeded

2017-07-18 10:59:20 UninstallDriverFromInf: Action started

2017-07-18 10:59:20 UninstallDriverFromInf: Executing RunInfSection with DefaultUninstall and DefaultUninstall.Services

2017-07-18 10:59:20 UninstallDriverFromInf: Running inf file C:\Program Files\Sophos\Sophos Anti-Virus\SAVONACCESSDRIV.INF with installFileSection DefaultUninstall

2017-07-18 10:59:20 UninstallDriverFromInf: Action succeeded

2017-07-18 10:59:20 UninstallDriverFromInf: Action started

2017-07-18 10:59:20 UninstallDriverFromInf: Executing RunInfSection with DefaultUninstall and DefaultUninstall.Services

2017-07-18 10:59:20 UninstallDriverFromInf: Running inf file C:\Program Files\Sophos\Sophos Anti-Virus\SOPHOSBOOTDRIVER.INF with installFileSection DefaultUninstall

2017-07-18 10:59:20 UninstallDriverFromInf: Action succeeded

2017-07-18 10:59:20 UpdateDesktopMessaging: Action started

2017-07-18 10:59:20 UpdateDesktopMessaging: UpdateDesktopMessaging: Could not delete SAVPlugin registry key(2)

2017-07-18 10:59:20 UpdateDesktopMessaging: Action succeeded

2017-07-18 10:59:20 RollbackUpdateSavAdapterDll: Action started

2017-07-18 10:59:20 RollbackUpdateSavAdapterDll: Action succeeded

2017-07-18 10:59:20 DeleteOtherFiles: Action started

2017-07-18 10:59:20 DeleteOtherFiles: Unable to get list of engine files from C:\Program Files\Sophos\Sophos Anti-Virus\engsync.upd

2017-07-18 10:59:20 Error deleting file: C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll.stf00 with error: Access is denied.



2017-07-18 10:59:20 DeleteOtherFiles: GetRidOfExistingDetoured - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll detoured exists, proceeding to rename it & mark for delete.

2017-07-18 10:59:20 DeleteOtherFiles: PROCESSOR_ARCHITECTURE environment variable is: x86

2017-07-18 10:59:20 DeleteOtherFiles: GetRidOfExistingDetoured - C:\Program Files\Sophos\Sophos Anti-Virus\detoured.dll does not exist, no further action.

2017-07-18 10:59:20 DeleteOtherFiles: Deleting config file folder

2017-07-18 10:59:20 DeleteOtherFiles: Failed to delete config folder, 2

2017-07-18 10:59:20 Error deleting file: C:\ProgramData\Sophos\Sophos Anti-Virus\\Infected\Low with error: Access is denied.



2017-07-18 10:59:20 DeleteOtherFiles: Action succeeded

2017-07-18 10:59:20 ForceDeleteUserPlugin: Action started

2017-07-18 10:59:20 ForceDeleteUserPlugin: Error deleting DesktopMessaging registry key. Returned error was: The system cannot find the file specified.



2017-07-18 10:59:20 ForceDeleteUserPlugin: Error deleting user pluging registry key. Returned error was: The system cannot find the file specified.



2017-07-18 10:59:20 ForceDeleteUserPlugin: Action succeeded

2017-07-18 10:59:21 ForceDeleteFiles: Action started

2017-07-18 10:59:21 ForceDeleteFiles: Action succeeded

2017-07-18 10:59:21 RunErrorScripts: Action started

2017-07-18 10:59:21 RunErrorScripts: Action succeeded

2017-07-18 10:59:21 RestoreMovedFiles: Action started

2017-07-18 10:59:21 RestoreMovedFiles: Action succeeded

2017-07-18 10:59:21 SetUpdateFailed: Action started

2017-07-18 10:59:21 SetUpdateFailed: Unable to create an instance of ComponentManager - SystemInformation cannot be informed of end of update

2017-07-18 10:59:21 SetUpdateFailed: Action succeeded



This thread was automatically locked due to age.
Parents
  • 0

    MSI (s) (08:BC) [10:59:17:854]: Executing op: ActionStart(Name=RegisterEventManifest,,)
    MSI (s) (08:BC) [10:59:17:854]: Executing op: CustomActionSchedule(Action=RegisterEventManifest,ActionType=3073,Source=BinaryData,Target=CAQuietExec,CustomActionData="wevtutil.exe" im "C:\Program Files\Sophos\Sophos Anti-Virus\Instrumentation.man")
    MSI (s) (08:00) [10:59:17:854]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI6849.tmp, Entrypoint: CAQuietExec
    CAQuietExec: Error 0x800700ff: Command line returned an error.
    CAQuietExec: Error 0x800700ff: CAQuietExec Failed
    CustomAction RegisterEventManifest returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)

    Can you run wevtutil.exe on this computer?

    Does running:
    where wevtutil.exe

    find it in the "path" and if so, is it in the same path as a working computer?

    Regards,

    Jak

  • 0 in reply to jak

    For both this PC and a working PC I get "INFO: Could not find files for the given pattern(s)."

     

    EDIT: The command should be "where wevtutil.exe". I'm going to try it again.

     

    Thanks,

    Christian

Reply Children
No Data
Unfiltered HTML