
Failed to install the SAVXP. The MSI has failed.

This error has been repeating itself for over 2 months. I have tried uninstalling and reinstalling Sophos from the SEC. When reinstalling, Sophos AV is the only component that doesn't get reinstalled. Attached are the Custom Actions Log and a snippet of the Major install log.

 

MSI (s) (08:0C) [12:33:52:455]: Executing op: ComponentRegister(ComponentId={6DEE3B23-340D-4E95-9F03-A14651369222},KeyPath=C:\ProgramData\Sophos\Sophos Anti-Virus\Config\machine.xml,State=3,ProductKey={00000000-0000-0000-0000-000000000000},,SharedDllRefCount=0,BinaryType=0)
MSI (s) (08:0C) [12:33:52:456]: Executing op: ComponentUnregister(ComponentId={6DEE3B23-340D-4E95-9F03-A14651369222},ProductKey={65323B2D-83D4-470D-A209-D769DB30BBDB},BinaryType=0,)
MSI (s) (08:0C) [12:33:52:456]: Executing op: ActionStart(Name=RunErrorScript,,)
MSI (s) (08:0C) [12:33:52:456]: Executing op: CustomActionRollback(Action=RunErrorScript,ActionType=1345,Source=BinaryData,Target=RunErrorScripts,CustomActionData="C:\Program Files (x86)\Sophos\Sophos Anti-Virus\""C:\ProgramData\Sophos\AutoUpdate\cache\sophos_autoupdate1.dir\decode\savxp\""10.7.2.49")
MSI (s) (08:EC) [12:33:52:458]: Invoking remote custom action. DLL: C:\Windows\Installer\MSID293.tmp, Entrypoint: RunErrorScripts
MSI (s) (08:0C) [12:33:52:595]: Executing op: ActionStart(Name=CheckRegForNullDACLs,,)
MSI (s) (08:0C) [12:33:52:595]: Executing op: ActionStart(Name=RestoreMovedFiles,,)
MSI (s) (08:0C) [12:33:52:595]: Executing op: CustomActionRollback(Action=RestoreMovedFiles,ActionType=1281,Source=BinaryData,Target=RestoreMovedFiles,CustomActionData=C:\Program Files (x86)\Sophos\Sophos Anti-Virus\)
MSI (s) (08:AC) [12:33:52:595]: Invoking remote custom action. DLL: C:\Windows\Installer\MSID311.tmp, Entrypoint: RestoreMovedFiles
MSI (s) (08:0C) [12:33:52:813]: Executing op: ActionStart(Name=SetUpdateFailed,,)
MSI (s) (08:0C) [12:33:52:814]: Executing op: CustomActionRollback(Action=SetUpdateFailed,ActionType=1281,Source=BinaryData,Target=SetUpdateFailed,)
MSI (s) (08:C4) [12:33:52:817]: Invoking remote custom action. DLL: C:\Windows\Installer\MSID3FC.tmp, Entrypoint: SetUpdateFailed
MSI (s) (08:0C) [12:33:53:215]: Executing op: End(Checksum=0,ProgressTotalHDWord=0,ProgressTotalLDWord=0)
MSI (s) (08:0C) [12:33:53:215]: Error in rollback skipped. Return: 5
MSI (s) (08:0C) [12:33:53:224]: Note: 1: 2318 2:
MSI (s) (08:0C) [12:33:53:225]: No System Restore sequence number for this installation.
MSI (s) (08:0C) [12:33:53:225]: Unlocking Server
MSI (s) (08:0C) [12:33:53:229]: PROPERTY CHANGE: Deleting UpdateStarted property. Its current value is '1'.
Action ended 12:33:53: InstallFinalize. Return value 3.
Action ended 12:33:53: INSTALL. Return value 3.

 

 

2017-08-02 12:31:52 ExtractClassicConfig: Action started

2017-08-02 12:31:52 ExtractClassicConfig: Action succeeded

2017-08-02 12:31:52 PreInstallChecks: Action started

2017-08-02 12:31:52 PreInstallChecks: Action succeeded

2017-08-02 12:31:52 SetBootDriverStartupProperty: Action started

2017-08-02 12:31:52 SetBootDriverStartupProperty: Boot driver: not installed.

2017-08-02 12:31:52 SetBootDriverStartupProperty: Action succeeded

2017-08-02 12:31:53 SetClassFilterPresentProperty: Action started

2017-08-02 12:31:53 SetClassFilterPresentProperty: Setting class filter present property to: 0

2017-08-02 12:31:53 SetClassFilterPresentProperty: Action succeeded

2017-08-02 12:31:53 SetDriverProperty: Action started

2017-08-02 12:31:53 SetDriverProperty: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2017-08-02 12:31:53 SetDriverProperty: Action succeeded

2017-08-02 12:31:54 SetProcessorProperties: Action started

2017-08-02 12:31:54 SetProcessorProperties: Action succeeded

2017-08-02 12:31:54 SetRestoreExcludedProcessesProperty: Action started

2017-08-02 12:31:54 SetRestoreExcludedProcessesProperty: SetRestoreExcludedProcessesProperty

2017-08-02 12:31:54 SetRestoreExcludedProcessesProperty: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2017-08-02 12:31:54 SetRestoreExcludedProcessesProperty: Action succeeded

2017-08-02 12:32:06 CheckRegForNullDACLs: Action started

2017-08-02 12:32:06 CheckRegForNullDACLs: Action succeeded

2017-08-02 12:32:07 WaitForSAVService: Action started

2017-08-02 12:32:07 WaitForSAVService: WaitForSAVService: Walking system processes...

2017-08-02 12:32:07 WaitForSAVService: WaitForSAVService: Finished walking system processes.

2017-08-02 12:32:07 WaitForSAVService: Action succeeded

2017-08-02 12:32:08 CheckUninstallDrivers: Action started

2017-08-02 12:32:08 CheckUninstallDrivers: IsServiceInstalled: Unable to get a handle to requested service SAVOnAccess control. Returning false.

2017-08-02 12:32:08 CheckUninstallDrivers: IsServiceInstalled: Unable to get a handle to requested service SAVOnAccess filter. Returning false.

2017-08-02 12:32:08 CheckUninstallDrivers: Action succeeded

2017-08-02 12:32:09 DeleteIDEs: Action started

2017-08-02 12:32:09 DeleteIDEs: Action succeeded

2017-08-02 12:32:09 DeleteBDLs: Action started

2017-08-02 12:32:09 DeleteBDLs: Action succeeded

2017-08-02 12:32:09 DeleteHIPSConfig: Action started

2017-08-02 12:32:09 DeleteHIPSConfig: Action succeeded

2017-08-02 12:32:10 UpdateSavAdapterDll: Action started

2017-08-02 12:32:20 UpdateSavAdapterDll: Action succeeded

2017-08-02 12:32:20 UpdateDesktopMessaging: Action started

2017-08-02 12:32:20 UpdateDesktopMessaging: UpdateDesktopMessaging: Could not delete SAVPlugin registry key(2)

2017-08-02 12:32:20 UpdateDesktopMessaging: Action succeeded

2017-08-02 12:32:20 CopyOtherFiles: Action started

2017-08-02 12:32:20 CopyOtherFiles: CopyOtherFiles custom action - Copying other driver files

2017-08-02 12:32:20 CopyOtherFiles: Copying class filter source: C:\ProgramData\Sophos\AutoUpdate\cache\sophos_autoupdate1.dir\decode\savxp\drivers\sdcfilter\win7_amd64\SDCFILTER.INF, target: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\

2017-08-02 12:32:20 CopyOtherFiles: Copying boot driver source: C:\ProgramData\Sophos\AutoUpdate\cache\sophos_autoupdate1.dir\decode\savxp\drivers\boottasks\win7_amd64\SOPHOSBOOTDRIVER.INF, target: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\

2017-08-02 12:32:20 CopyOtherFiles: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll detoured exists, proceeding to rename it & mark for delete.

2017-08-02 12:32:20 CopyOtherFiles: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2017-08-02 12:32:20 CopyOtherFiles: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll detoured exists, proceeding to rename it & mark for delete.

2017-08-02 12:32:20 CopyOtherFiles: Copying boot tasks source: C:\ProgramData\Sophos\AutoUpdate\cache\sophos_autoupdate1.dir\decode\savxp\drivers\boottasks\win7_amd64\SophosBootTasks.exe, target: C:\Windows\system32\

2017-08-02 12:32:20 CopyOtherFiles: Action succeeded

2017-08-02 12:32:20 RegisterBufferOverflowProtection: Action started

2017-08-02 12:32:20 RegisterBufferOverflowProtection: BopsUnregister: could not get short path to DLL. It will not be unregistered.

2017-08-02 12:32:20 RegisterBufferOverflowProtection: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\detoured.dll does not exist, no further action.

2017-08-02 12:32:20 RegisterBufferOverflowProtection: BOPS path already exists

2017-08-02 12:32:20 RegisterBufferOverflowProtection: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2017-08-02 12:32:20 RegisterBufferOverflowProtection: BOPS path already exists

2017-08-02 12:32:20 RegisterBufferOverflowProtection: Action succeeded

2017-08-02 12:32:21 RestoreExcludedProcesses: Action started

2017-08-02 12:32:21 RestoreExcludedProcesses: RestoreExcludedProcesses

2017-08-02 12:32:21 RestoreExcludedProcesses: Empty excluded processes property. Nothing to be done.

2017-08-02 12:32:21 RestoreExcludedProcesses: Action succeeded

2017-08-02 12:32:40 StartDriverServices: Action started

2017-08-02 12:32:40 StartDriverServices: IsServiceRunning: Unable to get a handle to requested service skmscan. Returning false.

2017-08-02 12:32:40 StartDriverServices: Unable to get a handle to kms service - service will not be started until next reboot

2017-08-02 12:32:40 StartDriverServices: Action succeeded

2017-08-02 12:32:59 CreateUserGroups: Action started

2017-08-02 12:32:59 CreateUserGroups: Unable to create local SophosUserGroup

2017-08-02 12:32:59 CreateUserGroups: Unable to create local SophosPowerGroup

2017-08-02 12:32:59 CreateUserGroups: Unable to create local SophosAdminGroup

2017-08-02 12:32:59 CreateUserGroups: Unable to create local OnAccessGroup

2017-08-02 12:32:59 CreateUserGroups: Local name of well-known group Administrators is Administrators

2017-08-02 12:32:59 CreateUserGroups: Local name of well-known group PowerUsers is Power Users

2017-08-02 12:32:59 CreateUserGroups: Local name of well-known group Users is Users

2017-08-02 12:32:59 CreateUserGroups: SophosUser already exists - skipped adding members

2017-08-02 12:32:59 CreateUserGroups: SophosPowerUser already exists - skipped adding members

2017-08-02 12:32:59 CreateUserGroups: SophosAdministrator already exists - skipped adding members

2017-08-02 12:32:59 CreateUserGroups: Adding LOCAL SYSTEM to the SophosAdministrator role in the machine file

2017-08-02 12:33:05 CreateUserGroups: Action succeeded

2017-08-02 12:33:06 PurgeIOfficeAVCache: Action started

2017-08-02 12:33:06 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2017-08-02 12:33:06 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2017-08-02 12:33:06 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2017-08-02 12:33:06 PurgeIOfficeAVCache: Opened key name S-1-5-21-785017407-1344295933-1538882281-3884\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}

2017-08-02 12:33:06 PurgeIOfficeAVCache: Unable to remove Enum sub key: 0x2

2017-08-02 12:33:06 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2017-08-02 12:33:06 PurgeIOfficeAVCache: Opened key name S-1-5-21-785017407-1344295933-1538882281-3884\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}

2017-08-02 12:33:06 PurgeIOfficeAVCache: Unable to remove Enum sub key: 0x2

2017-08-02 12:33:06 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2017-08-02 12:33:06 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2017-08-02 12:33:06 PurgeIOfficeAVCache: Opened key name S-1-5-21-785017407-1344295933-1538882281-6932\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}

2017-08-02 12:33:06 PurgeIOfficeAVCache: Unable to remove Enum sub key: 0x2

2017-08-02 12:33:06 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2017-08-02 12:33:06 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2017-08-02 12:33:06 PurgeIOfficeAVCache: Action succeeded

2017-08-02 12:33:06 EnableAttachmentScanning: Action started

2017-08-02 12:33:06 EnableAttachmentScanning: ScanWithAntiVirus value is already set to 3

2017-08-02 12:33:06 EnableAttachmentScanning: Action succeeded

2017-08-02 12:33:06 AddDomainGroups: Action started

2017-08-02 12:33:06 AddDomainGroups: Found SophosDomainUser group

2017-08-02 12:33:06 AddDomainGroups: Found SophosDomainPowerUser group

2017-08-02 12:33:06 AddDomainGroups: Found SophosDomainAdministrator group

2017-08-02 12:33:07 AddDomainGroups: Added SophosDomainAdministrator group to SophosAdministrator group

2017-08-02 12:33:07 AddDomainGroups: Added SophosDomainPowerUser group to SophosPowerUser group

2017-08-02 12:33:07 AddDomainGroups: Added SophosDomainUser group to SophosUser group

2017-08-02 12:33:07 AddDomainGroups: Action succeeded

2017-08-02 12:33:19 SetSAVAdminUpdateBegin: Action started

2017-08-02 12:33:19 SetSAVAdminUpdateBegin: Action succeeded

2017-08-02 12:33:20 UpdateSAVI: Action started

2017-08-02 12:33:20 UpdateSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate

2017-08-02 12:33:20 UpdateSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__

2017-08-02 12:33:20 UpdateSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate

2017-08-02 12:33:20 UpdateSAVI: UpdateRequest signalled

2017-08-02 12:33:20 UpdateSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended

2017-08-02 12:33:20 UpdateSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__

2017-08-02 12:33:20 UpdateSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended

2017-08-02 12:33:20 UpdateSAVI: MSCM version orig:  new: 0.3.0.90

2017-08-02 12:33:20 UpdateSAVI: Copying MSCM from: C:\ProgramData\Sophos\AutoUpdate\cache\sophos_autoupdate1.dir\decode\savxp\savmscm.dll to: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\savmscm.dll

2017-08-02 12:33:20 UpdateSAVI: Registered MSCM

2017-08-02 12:33:32 UpdateSAVI: SAVI dll was installed successfully

2017-08-02 12:33:32 UpdateSAVI: Action succeeded

2017-08-02 12:33:32 SetFolderPermissions: Action started

2017-08-02 12:33:32 SetFolderPermissions: We are running on XP or higher - adding LocalService to permissions on config files

2017-08-02 12:33:32 SetFolderPermissions: We are running on XP or higher - adding LocalService to permissions on config files

2017-08-02 12:33:33 SetFolderPermissions: Action succeeded

2017-08-02 12:33:34 CreateTamperProtectionRegKey: Action started

2017-08-02 12:33:34 CreateTamperProtectionRegKey: Action succeeded

2017-08-02 12:33:35 SetServiceXP: Action started

2017-08-02 12:33:35 SetServiceXP: Action succeeded

2017-08-02 12:33:35 SetSAVServiceSID: Action started

2017-08-02 12:33:35 SetSAVServiceSID: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2017-08-02 12:33:35 SetSAVServiceSID: Action succeeded

2017-08-02 12:33:36 SetServiceSecurity: Action started

2017-08-02 12:33:36 SetServiceSecurity: Adding SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP to SavService launch permissions

2017-08-02 12:33:36 SetServiceSecurity: Adding SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP to SavService launch permissions

2017-08-02 12:33:36 SetServiceSecurity: Action succeeded

2017-08-02 12:33:36 SetServiceRecoveryActions: Action started

2017-08-02 12:33:36 SetServiceRecoveryActions: Action succeeded

2017-08-02 12:33:36 InstallDeviceControl: Action started

2017-08-02 12:33:36 InstallDeviceControl: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2017-08-02 12:33:36 InstallDeviceControl: Action succeeded

2017-08-02 12:33:36 SetAdminGroupDescription: Action started

2017-08-02 12:33:36 SetAdminGroupDescription: Action succeeded

2017-08-02 12:33:36 SetPowerGroupDescription: Action started

2017-08-02 12:33:36 SetPowerGroupDescription: Action succeeded

2017-08-02 12:33:36 SetUserGroupDescription: Action started

2017-08-02 12:33:37 SetUserGroupDescription: Action succeeded

2017-08-02 12:33:37 SetOnAccessGroupDescription: Action started

2017-08-02 12:33:37 SetOnAccessGroupDescription: Action succeeded

2017-08-02 12:33:37 DisablePUADetection: Action started

2017-08-02 12:33:37 DisablePUADetection: Action succeeded

2017-08-02 12:33:38 DeleteExpiredCaches: Action started

2017-08-02 12:33:38 DeleteExpiredCaches: Action succeeded

2017-08-02 12:33:38 EnableJournals: Action started

2017-08-02 12:33:38 EnableJournals: Checking journal for active volumes.

2017-08-02 12:33:38 EnableJournals: Journaling already enabled for on \\?\Volume{f2978144-5cb8-11e3-a09d-806e6f6e6963}\

2017-08-02 12:33:38 EnableJournals: Journaling already enabled for on \\?\Volume{f2978146-5cb8-11e3-a09d-806e6f6e6963}\

2017-08-02 12:33:38 EnableJournals: Action succeeded

2017-08-02 12:33:38 DisableWebProtection: Action started

2017-08-02 12:33:38 DisableWebProtection: DisableWebProtection: OK

2017-08-02 12:33:38 DisableWebProtection: Action succeeded

2017-08-02 12:33:38 DisableSxlLookups: Action started

2017-08-02 12:33:38 DisableSxlLookups: DisableSxlLookups: OK

2017-08-02 12:33:38 DisableSxlLookups: Action succeeded

2017-08-02 12:33:38 CheckSNMPDLLPresence: Action started

2017-08-02 12:33:38 CheckSNMPDLLPresence: Action succeeded

2017-08-02 12:33:38 UpdateSXLServerList: Action started

2017-08-02 12:33:38 UpdateSXLServerList: LoadSophtainerData: GetSophtainerSection(C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SXLConfig.dat) returned 0. (180 bytes returned)


2017-08-02 12:33:38 UpdateSXLServerList: ExtractSXLServerConf: 0, 4, 4

2017-08-02 12:33:39 UpdateSXLServerList: Action succeeded

2017-08-02 12:33:39 GenerateSavMachineId: Action started

2017-08-02 12:33:39 GenerateSavMachineId: Sav machine id = 19AA245A-DA88-4FC7-A98A-1E2D1516D122

2017-08-02 12:33:39 GenerateSavMachineId: Action succeeded

2017-08-02 12:33:39 SetSAVAdminUpdateComplete: Action started

2017-08-02 12:33:39 SetSAVAdminUpdateComplete: Action succeeded

2017-08-02 12:33:39 RunPreLaunchScripts: Action started

2017-08-02 12:33:39 RunPreLaunchScripts: RunPreLaunchScripts: No entries.

2017-08-02 12:33:39 RunPreLaunchScripts: Action succeeded

2017-08-02 12:33:40 BootDriverStartup: Action started

2017-08-02 12:33:40 BootDriverStartup: Boot driver restored: disabled

2017-08-02 12:33:40 BootDriverStartup: Action succeeded

2017-08-02 12:33:40 UninstallSecurityCenter: Action started

2017-08-02 12:33:40 UninstallSecurityCenter: Error returned from CAntiVirusProvider::Uninstall() was: -2147467259

2017-08-02 12:33:40 UninstallSecurityCenter: Error returned from CAntiSpywareProvider::Uninstall() was: -2147467259

2017-08-02 12:33:40 UninstallSecurityCenter: Action succeeded

2017-08-02 12:33:41 RollbackInstallDeviceControl: Action started

2017-08-02 12:33:41 RollbackInstallDeviceControl: Action succeeded

2017-08-02 12:33:41 RemoveTamperProtectionRegKey: Action started

2017-08-02 12:33:41 RemoveTamperProtectionRegKey: Action succeeded

2017-08-02 12:33:41 RemoveSAVI: Action started

2017-08-02 12:33:42 RemoveSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate

2017-08-02 12:33:42 RemoveSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__

2017-08-02 12:33:42 RemoveSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate

2017-08-02 12:33:42 RemoveSAVI: UpdateRequest signalled

2017-08-02 12:33:42 RemoveSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended

2017-08-02 12:33:42 RemoveSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__

2017-08-02 12:33:42 RemoveSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended

2017-08-02 12:33:42 RemoveSAVI: Action succeeded

2017-08-02 12:33:50 DeleteUserGroups: Action started

2017-08-02 12:33:50 DeleteUserGroups: We are not a domain controller: Attempting to delete local user groups

2017-08-02 12:33:50 DeleteUserGroups: Action succeeded

2017-08-02 12:33:51 UpdateDesktopMessaging: Action started

2017-08-02 12:33:51 UpdateDesktopMessaging: UpdateDesktopMessaging: Could not delete SAVPlugin registry key(2)

2017-08-02 12:33:51 UpdateDesktopMessaging: Action succeeded

2017-08-02 12:33:51 RollbackUpdateSavAdapterDll: Action started

2017-08-02 12:33:51 RollbackUpdateSavAdapterDll: Action succeeded

2017-08-02 12:33:51 DeleteOtherFiles: Action started

2017-08-02 12:33:52 DeleteOtherFiles: Unable to get list of engine files from C:\Program Files (x86)\Sophos\Sophos Anti-Virus\engsync.upd

2017-08-02 12:33:52 DeleteOtherFiles: Unregistered MSCM

2017-08-02 12:33:52 Error deleting file: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll.stf00 with error: Access is denied.



2017-08-02 12:33:52 Error deleting file: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll.stf01 with error: Access is denied.



2017-08-02 12:33:52 Error deleting file: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll.stf02 with error: Access is denied.



2017-08-02 12:33:52 Error deleting file: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll.stf03 with error: Access is denied.



2017-08-02 12:33:52 Error deleting file: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll.stf00 with error: Access is denied.



2017-08-02 12:33:52 Error deleting file: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll.stf01 with error: Access is denied.



2017-08-02 12:33:52 Error deleting file: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll.stf02 with error: Access is denied.



2017-08-02 12:33:52 Error deleting file: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll.stf03 with error: Access is denied.



2017-08-02 12:33:52 DeleteOtherFiles: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll detoured exists, proceeding to rename it & mark for delete.

2017-08-02 12:33:52 DeleteOtherFiles: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2017-08-02 12:33:52 DeleteOtherFiles: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll detoured exists, proceeding to rename it & mark for delete.

2017-08-02 12:33:52 DeleteOtherFiles: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\detoured.dll does not exist, no further action.

2017-08-02 12:33:52 DeleteOtherFiles: Deleting config file folder

2017-08-02 12:33:52 DeleteOtherFiles: Failed to delete config folder, 2

2017-08-02 12:33:52 Error deleting file: C:\ProgramData\Sophos\Sophos Anti-Virus\\Infected\Low with error: Access is denied.



2017-08-02 12:33:52 DeleteOtherFiles: Action succeeded

2017-08-02 12:33:52 ForceDeleteUserPlugin: Action started

2017-08-02 12:33:52 ForceDeleteUserPlugin: Error deleting DesktopMessaging registry key. Returned error was: The system cannot find the file specified.



2017-08-02 12:33:52 ForceDeleteUserPlugin: Error deleting user pluging registry key. Returned error was: The system cannot find the file specified.



2017-08-02 12:33:52 ForceDeleteUserPlugin: Action succeeded

2017-08-02 12:33:52 ForceDeleteFiles: Action started

2017-08-02 12:33:52 ForceDeleteFiles: Action succeeded

2017-08-02 12:33:52 RunErrorScripts: Action started

2017-08-02 12:33:52 RunErrorScripts: Action succeeded

2017-08-02 12:33:52 RestoreMovedFiles: Action started

2017-08-02 12:33:52 RestoreMovedFiles: Action succeeded

2017-08-02 12:33:53 SetUpdateFailed: Action started

2017-08-02 12:33:53 SetUpdateFailed: Unable to create an instance of ComponentManager - SystemInformation cannot be informed of end of update

2017-08-02 12:33:53 SetUpdateFailed: Action succeeded



This thread was automatically locked due to age.
  • Could we see the full MSI log and associated custom action log from \windows\temp\?

    Regards,

    Jak

  • I had to compress the MSI Log because it was too large to paste or attach.  

    8787.Sophos Anti-Virus Major Install Log_170802_053139.zip

    
    2017-08-02 12:33:20 UpdateSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__
    
    2017-08-02 12:33:20 UpdateSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate
    
    2017-08-02 12:33:20 UpdateSAVI: UpdateRequest signalled
    
    2017-08-02 12:33:20 UpdateSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended
    
    2017-08-02 12:33:20 UpdateSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__
    
    2017-08-02 12:33:20 UpdateSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended
    
    2017-08-02 12:33:20 UpdateSAVI: MSCM version orig:  new: 0.3.0.90
    
    2017-08-02 12:33:20 UpdateSAVI: Copying MSCM from: C:\ProgramData\Sophos\AutoUpdate\cache\sophos_autoupdate1.dir\decode\savxp\savmscm.dll to: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\savmscm.dll
    
    2017-08-02 12:33:20 UpdateSAVI: Registered MSCM
    
    2017-08-02 12:33:32 UpdateSAVI: SAVI dll was installed successfully
    
    2017-08-02 12:33:32 UpdateSAVI: Action succeeded
    
    2017-08-02 12:33:32 SetFolderPermissions: Action started
    
    2017-08-02 12:33:32 SetFolderPermissions: We are running on XP or higher - adding LocalService to permissions on config files
    
    2017-08-02 12:33:32 SetFolderPermissions: We are running on XP or higher - adding LocalService to permissions on config files
    
    2017-08-02 12:33:33 SetFolderPermissions: Action succeeded
    
    2017-08-02 12:33:34 CreateTamperProtectionRegKey: Action started
    
    2017-08-02 12:33:34 CreateTamperProtectionRegKey: Action succeeded
    
    2017-08-02 12:33:35 SetServiceXP: Action started
    
    2017-08-02 12:33:35 SetServiceXP: Action succeeded
    
    2017-08-02 12:33:35 SetSAVServiceSID: Action started
    
    2017-08-02 12:33:35 SetSAVServiceSID: PROCESSOR_ARCHITECTURE environment variable is: AMD64
    
    2017-08-02 12:33:35 SetSAVServiceSID: Action succeeded
    
    2017-08-02 12:33:36 SetServiceSecurity: Action started
    
    2017-08-02 12:33:36 SetServiceSecurity: Adding SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP to SavService launch permissions
    
    2017-08-02 12:33:36 SetServiceSecurity: Adding SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP to SavService launch permissions
    
    2017-08-02 12:33:36 SetServiceSecurity: Action succeeded
    
    2017-08-02 12:33:36 SetServiceRecoveryActions: Action started
    
    2017-08-02 12:33:36 SetServiceRecoveryActions: Action succeeded
    
    2017-08-02 12:33:36 InstallDeviceControl: Action started
    
    2017-08-02 12:33:36 InstallDeviceControl: PROCESSOR_ARCHITECTURE environment variable is: AMD64
    
    2017-08-02 12:33:36 InstallDeviceControl: Action succeeded
    
    2017-08-02 12:33:36 SetAdminGroupDescription: Action started
    
    2017-08-02 12:33:36 SetAdminGroupDescription: Action succeeded
    
    2017-08-02 12:33:36 SetPowerGroupDescription: Action started
    
    2017-08-02 12:33:36 SetPowerGroupDescription: Action succeeded
    
    2017-08-02 12:33:36 SetUserGroupDescription: Action started
    
    2017-08-02 12:33:37 SetUserGroupDescription: Action succeeded
    
    2017-08-02 12:33:37 SetOnAccessGroupDescription: Action started
    
    2017-08-02 12:33:37 SetOnAccessGroupDescription: Action succeeded
    
    2017-08-02 12:33:37 DisablePUADetection: Action started
    
    2017-08-02 12:33:37 DisablePUADetection: Action succeeded
    
    2017-08-02 12:33:38 DeleteExpiredCaches: Action started
    
    2017-08-02 12:33:38 DeleteExpiredCaches: Action succeeded
    
    2017-08-02 12:33:38 EnableJournals: Action started
    
    2017-08-02 12:33:38 EnableJournals: Checking journal for active volumes.
    
    2017-08-02 12:33:38 EnableJournals: Journaling already enabled for on \\?\Volume{f2978144-5cb8-11e3-a09d-806e6f6e6963}\
    
    2017-08-02 12:33:38 EnableJournals: Journaling already enabled for on \\?\Volume{f2978146-5cb8-11e3-a09d-806e6f6e6963}\
    
    2017-08-02 12:33:38 EnableJournals: Action succeeded
    
    2017-08-02 12:33:38 DisableWebProtection: Action started
    
    2017-08-02 12:33:38 DisableWebProtection: DisableWebProtection: OK
    
    2017-08-02 12:33:38 DisableWebProtection: Action succeeded
    
    2017-08-02 12:33:38 DisableSxlLookups: Action started
    
    2017-08-02 12:33:38 DisableSxlLookups: DisableSxlLookups: OK
    
    2017-08-02 12:33:38 DisableSxlLookups: Action succeeded
    
    2017-08-02 12:33:38 CheckSNMPDLLPresence: Action started
    
    2017-08-02 12:33:38 CheckSNMPDLLPresence: Action succeeded
    
    2017-08-02 12:33:38 UpdateSXLServerList: Action started
    
    2017-08-02 12:33:38 UpdateSXLServerList: LoadSophtainerData: GetSophtainerSection(C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SXLConfig.dat) returned 0. (180 bytes returned)
    
    
    2017-08-02 12:33:38 UpdateSXLServerList: ExtractSXLServerConf: 0, 4, 4
    
    2017-08-02 12:33:39 UpdateSXLServerList: Action succeeded
    
    2017-08-02 12:33:39 GenerateSavMachineId: Action started
    
    2017-08-02 12:33:39 GenerateSavMachineId: Sav machine id = 19AA245A-DA88-4FC7-A98A-1E2D1516D122
    
    2017-08-02 12:33:39 GenerateSavMachineId: Action succeeded
    
    2017-08-02 12:33:39 SetSAVAdminUpdateComplete: Action started
    
    2017-08-02 12:33:39 SetSAVAdminUpdateComplete: Action succeeded
    
    2017-08-02 12:33:39 RunPreLaunchScripts: Action started
    
    2017-08-02 12:33:39 RunPreLaunchScripts: RunPreLaunchScripts: No entries.
    
    2017-08-02 12:33:39 RunPreLaunchScripts: Action succeeded
    
    2017-08-02 12:33:40 BootDriverStartup: Action started
    
    2017-08-02 12:33:40 BootDriverStartup: Boot driver restored: disabled
    
    2017-08-02 12:33:40 BootDriverStartup: Action succeeded
    
    2017-08-02 12:33:40 UninstallSecurityCenter: Action started
    
    2017-08-02 12:33:40 UninstallSecurityCenter: Error returned from CAntiVirusProvider::Uninstall() was: -2147467259
    
    2017-08-02 12:33:40 UninstallSecurityCenter: Error returned from CAntiSpywareProvider::Uninstall() was: -2147467259
    
    2017-08-02 12:33:40 UninstallSecurityCenter: Action succeeded
    
    2017-08-02 12:33:41 RollbackInstallDeviceControl: Action started
    
    2017-08-02 12:33:41 RollbackInstallDeviceControl: Action succeeded
    
    2017-08-02 12:33:41 RemoveTamperProtectionRegKey: Action started
    
    2017-08-02 12:33:41 RemoveTamperProtectionRegKey: Action succeeded
    
    2017-08-02 12:33:41 RemoveSAVI: Action started
    
    2017-08-02 12:33:42 RemoveSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate
    
    2017-08-02 12:33:42 RemoveSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__
    
    2017-08-02 12:33:42 RemoveSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate
    
    2017-08-02 12:33:42 RemoveSAVI: UpdateRequest signalled
    
    2017-08-02 12:33:42 RemoveSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended
    
    2017-08-02 12:33:42 RemoveSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__
    
    2017-08-02 12:33:42 RemoveSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended
    
    2017-08-02 12:33:42 RemoveSAVI: Action succeeded
    
    2017-08-02 12:33:50 DeleteUserGroups: Action started
    
    2017-08-02 12:33:50 DeleteUserGroups: We are not a domain controller: Attempting to delete local user groups
    
    2017-08-02 12:33:50 DeleteUserGroups: Action succeeded
    
    2017-08-02 12:33:51 UpdateDesktopMessaging: Action started
    
    2017-08-02 12:33:51 UpdateDesktopMessaging: UpdateDesktopMessaging: Could not delete SAVPlugin registry key(2)
    
    2017-08-02 12:33:51 UpdateDesktopMessaging: Action succeeded
    
    2017-08-02 12:33:51 RollbackUpdateSavAdapterDll: Action started
    
    2017-08-02 12:33:51 RollbackUpdateSavAdapterDll: Action succeeded
    
    2017-08-02 12:33:51 DeleteOtherFiles: Action started
    
    2017-08-02 12:33:52 DeleteOtherFiles: Unable to get list of engine files from C:\Program Files (x86)\Sophos\Sophos Anti-Virus\engsync.upd
    
    2017-08-02 12:33:52 DeleteOtherFiles: Unregistered MSCM
    
    2017-08-02 12:33:52 Error deleting file: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll.stf00 with error: Access is denied.
    
    
    
    2017-08-02 12:33:52 Error deleting file: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll.stf01 with error: Access is denied.
    
    
    
    2017-08-02 12:33:52 Error deleting file: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll.stf02 with error: Access is denied.
    
    
    
    2017-08-02 12:33:52 Error deleting file: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll.stf03 with error: Access is denied.
    
    
    
    2017-08-02 12:33:52 Error deleting file: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll.stf00 with error: Access is denied.
    
    
    
    2017-08-02 12:33:52 Error deleting file: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll.stf01 with error: Access is denied.
    
    
    
    2017-08-02 12:33:52 Error deleting file: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll.stf02 with error: Access is denied.
    
    
    
    2017-08-02 12:33:52 Error deleting file: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll.stf03 with error: Access is denied.
    
    
    
    2017-08-02 12:33:52 DeleteOtherFiles: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll detoured exists, proceeding to rename it & mark for delete.
    
    2017-08-02 12:33:52 DeleteOtherFiles: PROCESSOR_ARCHITECTURE environment variable is: AMD64
    
    2017-08-02 12:33:52 DeleteOtherFiles: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll detoured exists, proceeding to rename it & mark for delete.
    
    2017-08-02 12:33:52 DeleteOtherFiles: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\detoured.dll does not exist, no further action.
    
    2017-08-02 12:33:52 DeleteOtherFiles: Deleting config file folder
    
    2017-08-02 12:33:52 DeleteOtherFiles: Failed to delete config folder, 2
    
    2017-08-02 12:33:52 Error deleting file: C:\ProgramData\Sophos\Sophos Anti-Virus\\Infected\Low with error: Access is denied.
    
    
    
    2017-08-02 12:33:52 DeleteOtherFiles: Action succeeded
    
    2017-08-02 12:33:52 ForceDeleteUserPlugin: Action started
    
    2017-08-02 12:33:52 ForceDeleteUserPlugin: Error deleting DesktopMessaging registry key. Returned error was: The system cannot find the file specified.
    
    
    
    2017-08-02 12:33:52 ForceDeleteUserPlugin: Error deleting user pluging registry key. Returned error was: The system cannot find the file specified.
    
    
    
    2017-08-02 12:33:52 ForceDeleteUserPlugin: Action succeeded
    
    2017-08-02 12:33:52 ForceDeleteFiles: Action started
    
    2017-08-02 12:33:52 ForceDeleteFiles: Action succeeded
    
    2017-08-02 12:33:52 RunErrorScripts: Action started
    
    2017-08-02 12:33:52 RunErrorScripts: Action succeeded
    
    2017-08-02 12:33:52 RestoreMovedFiles: Action started
    
    2017-08-02 12:33:52 RestoreMovedFiles: Action succeeded
    
    2017-08-02 12:33:53 SetUpdateFailed: Action started
    
    2017-08-02 12:33:53 SetUpdateFailed: Unable to create an instance of ComponentManager - SystemInformation cannot be informed of end of update
    
    2017-08-02 12:33:53 SetUpdateFailed: Action succeeded
    
    

  • That isn't an obvious one.

    Do you get a Startup log for the SAVService under:
    \Windows\ServiceProfiles\LocalService\Appdata\local\temp?

    Following a failed attempt, do you see a new one created?  Anything of interest in there?

    Also, prior to another install attempt, can you ensure that the key:

    hklm\software\wow6432node\sophos\savservice

    is removed.

    Sorry, that's all I have.

    Regards,

    Jak

  • Hello Jak,

    I do have some startup logs from 5 days ago; there hasn't been 1 since.

    I removed that registry key and tried again and had no luck.

    Thanks,

    Evan 

  • MSI (s) (08:0C) [12:33:40:368]: Note: 1: 1722 2: RegisterSophosOfficeAV 3: C:\Windows\SysWOW64\ 4: REGSVR32.EXE /s "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\SophosOfficeAV.dll"
    CustomAction RegisterSophosOfficeAV returned actual error code 3 (note this may not be 100% accurate if translation happened inside sandbox)
    MSI (s) (08:0C) [12:33:40:368]: Product: Sophos Anti-Virus -- Error 1722.There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action RegisterSophosOfficeAV, location: C:\Windows\SysWOW64\, command: REGSVR32.EXE /s "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\SophosOfficeAV.dll"

    Error 3 is "cannot find the specified path".

    I would suggest running Process Monitor (https://docs.microsoft.com/en-us/sysinternals/downloads/procmon) when the install runs.

    Look for C:\Windows\SysWOW64\Regsvr32.exe being launched; I assume the exit code for this process is 3?

    Does REGSVR32.EXE exist in C:\Windows\SysWOW64\?  Is it failing to find "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\SophosOfficeAV.dll"?

    You should be able to match up the time in the MSI log with the time in the PML log.

    Regards,

    Jak

  • Hi Jak,

    I looked to see if the regsvr32.exe file was there and it was missing.  I then ran a sfc /scannow and it re-added this file.  The next day it updated and installed just fine.

    Thanks for the assistance.
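
A small Python parser for the two MSI log lines Jak quotes in this thread, added here as an example and not part of the original discussion: it pairs each error 1722 note with the custom action's return code and lists the files to verify on disk before reaching for Process Monitor. The function name, the result field names and the three-entry Win32 code table are this example's own choices.

```python
import ntpath
import re

# Win32 codes that most often explain a failed EXE custom action.
WIN32 = {2: "ERROR_FILE_NOT_FOUND", 3: "ERROR_PATH_NOT_FOUND", 5: "ERROR_ACCESS_DENIED"}

# "Note: 1: 1722 2: <action> 3: <working dir> 4: <command line>"
NOTE_1722 = re.compile(
    r"\[(?P<time>\d\d:\d\d:\d\d):(?P<ms>\d+)\]: Note: 1: 1722 "
    r"2: (?P<action>\S+) 3: (?P<location>.*?) 4: (?P<command>.*)$")
RETURNED = re.compile(
    r"CustomAction (?P<action>\S+) returned actual error code (?P<code>-?\d+)")

# The two MSI log lines quoted in the thread, copied unchanged.
SAMPLE = r'''MSI (s) (08:0C) [12:33:40:368]: Note: 1: 1722 2: RegisterSophosOfficeAV 3: C:\Windows\SysWOW64\ 4: REGSVR32.EXE /s "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\SophosOfficeAV.dll"
CustomAction RegisterSophosOfficeAV returned actual error code 3 (note this may not be 100% accurate if translation happened inside sandbox)'''


def failed_custom_actions(log_text):
    """Return one finding per error 1722 note found in a verbose MSI log."""
    codes, notes = {}, []
    for line in log_text.splitlines():
        m = RETURNED.search(line)
        if m:
            codes[m["action"]] = int(m["code"])
            continue
        m = NOTE_1722.search(line)
        if m:
            notes.append(m)

    findings = []
    for m in notes:
        command = m["command"].strip()
        prog = re.match(r'"([^"]+)"|(\S+)', command)
        if not prog:
            continue
        program = prog.group(1) or prog.group(2)
        # The launched program is resolved against the logged location;
        # quoted arguments are the other paths the command depends on.
        paths = [ntpath.normpath(ntpath.join(m["location"], program))]
        paths += [ntpath.normpath(p)
                  for p in re.findall(r'"([^"]+)"', command[prog.end():])]
        code = codes.get(m["action"])
        findings.append({
            "time": f'{m["time"]}.{m["ms"]}',  # for lining up with a Procmon trace
            "action": m["action"],
            "exit_code": code,
            "meaning": WIN32.get(code, "unmapped"),
            "check_paths": paths,
        })
    return findings


if __name__ == "__main__":
    for finding in failed_custom_actions(SAMPLE):
        print(finding)
```

On the affected machine, each entry in `check_paths` can be tested with `Test-Path`; in this thread the first one, regsvr32.exe under SysWOW64, was the file that turned out to be missing.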