
Failed to install SAVXP - Windows 10

Hi,

I am attempting to install Endpoint onto a device that had previous runtime errors. Whilst I am now having it communicate back to the Enterprise Console, it is unfortunately not installing the additional components and coming back with the error "failed to install SAVXP".

I have looked at the logs but cannot make heads or tails of them as I am a complete novice. Can anyone advise?

Many thanks

Tara

I have only added a snippet of the logs as they are too large to upload; let me know if that's enough.



  • 2018-01-19 15:47:08 Unable to delete registry value: SOFTWARE\Sophos\AutoUpdate\UpdateStatus\CrtResult, assuming it does not exist
    2018-01-19 15:47:08 INFO: Unable to find the CRT directory, continuing with installation.
    2018-01-19 15:47:08 PROCESSOR_ARCHITECTURE environment variable is: AMD64
    2018-01-19 15:47:08 Info: Logging started: installing/upgrading Sophos Anti-Virus
    2018-01-19 15:47:08 Info: InstallFromPath is: C:\ProgramData\Sophos\AutoUpdate\cache\savxp\
    2018-01-19 15:47:08 Info: InstallToPath is:
    2018-01-19 15:47:08 Info: Detected version of SAV has major version number: 10
    2018-01-19 15:47:08 Info: Detected version of SAV has minor version number: 7
    2018-01-19 15:47:08 Info: registryInstallTo [overriding InstallToPath] is: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\
    2018-01-19 15:47:08 Checking for problem versions of SAVI - Install path:C:\Program Files (x86)\Sophos\Sophos Anti-Virus\
    2018-01-19 15:47:08 Veex.dll version '3.69.2.2293'
    2018-01-19 15:47:08 INFO: Checking the validity of the VDL manifest file.
    2018-01-19 15:47:09 INFO: The manifest file has been successfully validated.
    2018-01-19 15:47:09 INFO: Checking the validity of the AppFeed manifest file.
    2018-01-19 15:47:09 INFO: The manifest file has been successfully validated.
    2018-01-19 15:47:09 PROCESSOR_ARCHITECTURE environment variable is: AMD64
    2018-01-19 15:47:09 Info: SetupPlugin: updateProps.m_MajorUpdate = 0
    2018-01-19 15:47:09 Info: SetupPlugin: updateProps.m_DataOnlyUpdate = 1
    2018-01-19 15:47:09 Info: SetupPlugin: updateProps.m_OnAccessDriverUpdate = 0
    2018-01-19 15:47:09 Info: SetupPlugin: updateProps.m_BootDriverUpdate = 0
    2018-01-19 15:47:09 Info: SetupPlugin: updateProps.m_ClassFilterUpdate = 0
    2018-01-19 15:47:09 Info: SetupPlugin: updateProps.m_KMSDriverUpdate = 0
    2018-01-19 15:47:09 Info: Managed install (from SAU)
    2018-01-19 15:47:09 Check for UI changes
    2018-01-19 15:47:09 UIType in registry: full
    2018-01-19 15:47:09 Unable to QI IProductConfig
    2018-01-19 15:47:09 Info: productType: 0
    2018-01-19 15:47:09 ProductType in registry: 0
    2018-01-19 15:47:09 Checking the integrity of the extant SAV installation (noUI is 0)
    2018-01-19 15:47:09 The is a complete SAV installation. Skipping recovery.
    2018-01-19 15:47:09 Info: SAVService is either not present or disabled.
    2018-01-19 15:47:09 Info: SAVAdminService is either not present or disabled.
    2018-01-19 15:47:09 ERROR: Failed to open handle to service. Error code: 1060
    2018-01-19 15:47:09 Info: The product is not installed correctly. MSI update required.
    2018-01-19 15:47:09 Info: Performing major update of Sophos Anti-Virus using msi.
    2018-01-19 15:47:09 Info: Update is signalled.
    2018-01-19 15:47:09 In KB2918614Workaround().
    2018-01-19 15:47:09 Leaving KB2918614Workaround().
    2018-01-19 15:47:09 Product code of SAV currently installed: {65323B2D-83D4-470D-A209-D769DB30BBDB}
    2018-01-19 15:47:09 Product code of SAV to be installed:     {65323B2D-83D4-470D-A209-D769DB30BBDB}
    2018-01-19 15:47:09 Info: Added SAVService to ServicesList.
    2018-01-19 15:47:10 Info: Added SAVAdminService to ServicesList.
    2018-01-19 15:47:10 Info: Added Sophos Device Control Service to ServicesList.
    2018-01-19 15:47:10 Info: Added SophosBootDriver to ServicesList.
    2018-01-19 15:47:10 Info: Added swi_service to ServicesList.
    2018-01-19 15:47:10 Info: Added swi_filter to ServicesList.
    2018-01-19 15:47:10 Info: Added Sophos Web Control Service to ServicesList.
    2018-01-19 15:47:10 Info: Added SAVOnAccess to ServicesList.
    2018-01-19 15:47:10 Info: Added SAV to ComponentList.
    2018-01-19 15:47:10 Info: component SDC is not registered - skipping.
    2018-01-19 15:47:10 Info: component SCS is not registered - skipping.
    2018-01-19 15:47:10 Info: Added SWI to ComponentList.
    2018-01-19 15:47:10 Info: Added SWC to ComponentList.
    2018-01-19 15:47:10 UpdateVersionInfo(), SAU can't supply version info - using msi version
    2018-01-19 15:47:10 Info: PutSetupOptionsToRegistry
    2018-01-19 15:47:10 Info: Check MSXML
    2018-01-19 15:47:10 Info: Check boot driver and kms driver
    2018-01-19 15:47:10 Info: upgrading an existing installation of SAV
    2018-01-19 15:47:10 Info: Transform file returned:
    2018-01-19 15:47:10 Info: SAVService was found to not be installed - skipping.
    2018-01-19 15:47:10 Info: SAVAdminService was found to not be installed - skipping.
    2018-01-19 15:47:10 Info: Sophos Device Control Service was found to not be installed - skipping.
    2018-01-19 15:47:10 Info: SophosBootDriver was found to not be installed - skipping.
    2018-01-19 15:47:10 Info: swi_service was found to not be installed - skipping.
    2018-01-19 15:47:10 Info: swi_filter was found to not be installed - skipping.
    2018-01-19 15:47:10 Info: Added Sophos Web Control Service to ServicesList.
    2018-01-19 15:47:10 Info: All services reported they accept stop controls.
    2018-01-19 15:47:10 Info: SAV Setup plugin: running MsiInstallProduct (C:\ProgramData\Sophos\AutoUpdate\cache\savxp\Sophos Anti-Virus.msi, REINSTALLMODE=vmuso REINSTALL=ALL REBOOT=ReallySuppress UITYPE=full PRODUCTTYPE=0  UPDATEDRIVERS=0 UPDATECLASSFILTER=0 UPDATEBOOTDRIVERS=0 UPDATEKMSDRIVERS=1 SAVIONLY=0 MANAGED=1 RECOVERYMODE=1 DATACONTROL=1 DEVICECONTROL=1 WEBCONTROL=1)
    === Verbose logging started: 1/19/2018  15:47:10  Build type: SHIP UNICODE 5.00.10011.00  Calling process: C:\ProgramData\Sophos\AutoUpdate\cache\sophos_autoupdate1.dir\ALUpdate.exe ===
    MSI (c) (2C:08) [15:47:10:194]: Resetting cached policy values
    MSI (c) (2C:08) [15:47:10:194]: Machine policy value 'Debug' is 0
    MSI (c) (2C:08) [15:47:10:194]: ******* RunEngine:
               ******* Product: C:\ProgramData\Sophos\AutoUpdate\cache\savxp\Sophos Anti-Virus.msi
               ******* Action:
               ******* CommandLine: **********
    MSI (c) (2C:08) [15:47:10:194]: Client-side and UI is none or basic: Running entire install on the server.
    MSI (c) (2C:08) [15:47:10:194]: Grabbed execution mutex.
    MSI (c) (2C:08) [15:47:10:366]: Cloaking enabled.
    MSI (c) (2C:08) [15:47:10:366]: Attempting to enable all disabled privileges before calling Install on Server
    MSI (c) (2C:08) [15:47:10:366]: Incrementing counter to disable shutdown. Counter after increment: 0
    MSI (s) (98:0C) [15:47:10:366]: Running installation inside multi-package transaction C:\ProgramData\Sophos\AutoUpdate\cache\savxp\Sophos Anti-Virus.msi
    MSI (s) (98:0C) [15:47:10:366]: Grabbed execution mutex.
    MSI (s) (98:6C) [15:47:10:382]: Resetting cached policy values
    MSI (s) (98:6C) [15:47:10:382]: Machine policy value 'Debug' is 0
    MSI (s) (98:6C) [15:47:10:382]: ******* RunEngine:

    ******* Product: C:\ProgramData\Sophos\AutoUpdate\cache\savxp\Sophos Anti-Virus.msi

  • Hello Tara,

    let others have a look at the logs :) - in this case the Sophos Major Install and Major CustomActions logs. BTW - have you seen this troubleshooting article?

    Christian

  • Thank you for the link, it's definitely helpful.

    Whilst reading from the bottom up I found this:

    Property(S): UNINSTALLBOOTDRIVERS = 1
    Property(S): UNINSTALLCLASSFILTER = 1
    Property(S): UNINSTALLDRIVERS = 1
    Property(S): UNINSTALLERROR = An older version of Sophos Anti-Virus has not been fully removed from your machine. Please reboot your machine before attempting to install Sophos Anti-Virus.
    Property(S): UNINSTALLKMSDRIVERS = 1
    Property(S): UPDATEBOOTDRIVERS = 0
    Property(S): UPDATECLASSFILTER = 0
    Property(S): VIRUSDATAUPDATE = 0

    The machine has been rebooted, however, so not sure?

    Also, is there a way of completely removing the component, as it was preventing me because of an instance of tamper control which I could not see active?

  • 2018-01-19 16:07:13 ExtractClassicConfig: Action started
    
    2018-01-19 16:07:13 ExtractClassicConfig: Action succeeded
    
    2018-01-19 16:07:13 PreInstallChecks: Action started
    
    2018-01-19 16:07:13 PreInstallChecks: Action succeeded
    
    2018-01-19 16:07:13 SetClassFilterPresentProperty: Action started
    
    2018-01-19 16:07:13 SetClassFilterPresentProperty: Setting class filter present property to: 1
    
    2018-01-19 16:07:13 SetClassFilterPresentProperty: Action succeeded
    
    2018-01-19 16:07:13 SetDriverProperty: Action started
    
    2018-01-19 16:07:13 SetDriverProperty: PROCESSOR_ARCHITECTURE environment variable is: AMD64
    
    2018-01-19 16:07:13 SetDriverProperty: Action succeeded
    
    2018-01-19 16:07:13 SetProcessorProperties: Action started
    
    2018-01-19 16:07:13 SetProcessorProperties: Action succeeded
    
    2018-01-19 16:07:13 SetRestoreExcludedProcessesProperty: Action started
    
    2018-01-19 16:07:13 SetRestoreExcludedProcessesProperty: SetRestoreExcludedProcessesProperty
    
    2018-01-19 16:07:13 SetRestoreExcludedProcessesProperty: PROCESSOR_ARCHITECTURE environment variable is: AMD64
    
    2018-01-19 16:07:13 SetRestoreExcludedProcessesProperty: Action succeeded
    
    2018-01-19 16:07:20 CheckRegForNullDACLs: Action started
    
    2018-01-19 16:07:20 CheckRegForNullDACLs: Action succeeded
    
    2018-01-19 16:07:21 SetUpdateBegin: Action started
    
    2018-01-19 16:07:21 SetUpdateBegin: Unable to create an instance of ComponentManager - SystemInformation will not be informed of the update (0x80070424)
    
    2018-01-19 16:07:21 SetUpdateBegin: Action succeeded
    
    2018-01-19 16:07:21 CloseSavMainWindow: Action started
    
    2018-01-19 16:07:21 CloseSavMainWindow: Action succeeded
    
    2018-01-19 16:07:21 DisableServices: Action started
    
    2018-01-19 16:07:21 DisableServices: SetServiceStartMode failed: Unable to get a handle to requested service SAVService, error 1060.
    
    2018-01-19 16:07:21 DisableServices: DisableServices failed to disable SAVService
    
    2018-01-19 16:07:21 DisableServices: SetServiceStartMode failed: Unable to get a handle to requested service SAVAdminService, error 1060.
    
    2018-01-19 16:07:21 DisableServices: DisableServices failed to disable SAVAdminService
    
    2018-01-19 16:07:21 DisableServices: Action succeeded
    
    2018-01-19 16:07:22 ForceStopSAVService: Action started
    
    2018-01-19 16:07:22 ForceStopSAVService: ForceStopService: Stopping SAVService
    
    2018-01-19 16:07:22 ForceStopSAVService: ForceStopService: service failed to stop, hr=0x80070424
    
    2018-01-19 16:07:22 ForceStopSAVService: ForceStopService: Terminating the service
    
    2018-01-19 16:07:22 ForceStopSAVService: ForceStopService: Terminate failed, hr=0x80070424
    
    2018-01-19 16:07:22 ForceStopSAVService: ForceStopService: Checking if service is still running
    
    2018-01-19 16:07:22 ForceStopSAVService: ForceStopService: Stopping SAVAdminService
    
    2018-01-19 16:07:22 ForceStopSAVService: ForceStopService: service failed to stop, hr=0x80070424
    
    2018-01-19 16:07:22 ForceStopSAVService: ForceStopService: Terminating the service
    
    2018-01-19 16:07:22 ForceStopSAVService: ForceStopService: Terminate failed, hr=0x80070424
    
    2018-01-19 16:07:22 ForceStopSAVService: ForceStopService: Checking if service is still running
    
    2018-01-19 16:07:22 ForceStopSAVService: ForceStopSAVService: Services have been stopped
    
    2018-01-19 16:07:22 ForceStopSAVService: Action succeeded
    
    2018-01-19 16:07:22 WaitForSAVService: Action started
    
    2018-01-19 16:07:22 WaitForSAVService: WaitForSAVService: Walking system processes...
    
    2018-01-19 16:07:22 WaitForSAVService: WaitForSAVService: Finished walking system processes.
    
    2018-01-19 16:07:22 WaitForSAVService: Action succeeded
    
    2018-01-19 16:07:22 CheckUninstallDrivers: Action started
    
    2018-01-19 16:07:22 CheckUninstallDrivers: IsServiceInstalled: Unable to get a handle to requested service SAVOnAccess control. Returning false.
    
    2018-01-19 16:07:22 CheckUninstallDrivers: IsServiceInstalled: Unable to get a handle to requested service SAVOnAccess filter. Returning false.
    
    2018-01-19 16:07:22 CheckUninstallDrivers: Action succeeded
    
    2018-01-19 16:07:22 DeleteIDEs: Action started
    
    2018-01-19 16:07:22 DeleteIDEs: Action succeeded
    
    2018-01-19 16:07:22 DeleteBDLs: Action started
    
    2018-01-19 16:07:22 DeleteBDLs: Action succeeded
    
    2018-01-19 16:07:22 DeleteHIPSConfig: Action started
    
    2018-01-19 16:07:22 DeleteHIPSConfig: Action succeeded
    
    2018-01-19 16:07:22 RemoveFilesOnUpgrade: Action started
    
    2018-01-19 16:07:22 RemoveFilesOnUpgrade: Action succeeded
    
    2018-01-19 16:07:22 UpdateSavAdapterDll: Action started
    
    2018-01-19 16:07:32 UpdateSavAdapterDll: Action succeeded
    
    2018-01-19 16:07:32 UpdateDesktopMessaging: Action started
    
    2018-01-19 16:07:32 UpdateDesktopMessaging: UpdateDesktopMessaging: Could not delete SAVPlugin registry key(2)
    
    2018-01-19 16:07:32 UpdateDesktopMessaging: Action succeeded
    
    2018-01-19 16:07:32 CopyOtherFiles: Action started
    
    2018-01-19 16:07:32 CopyOtherFiles: CopyOtherFiles custom action - Copying other driver files
    
    2018-01-19 16:07:32 CopyOtherFiles: Copying class filter source: C:\ProgramData\Sophos\AutoUpdate\cache\savxp\drivers\sdcfilter\win7_amd64\SDCFILTER.INF, target: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\
    
    2018-01-19 16:07:32 CopyOtherFiles: Copying boot driver source: C:\ProgramData\Sophos\AutoUpdate\cache\savxp\drivers\boottasks\win7_amd64\SOPHOSBOOTDRIVER.INF, target: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\
    
    2018-01-19 16:07:32 CopyOtherFiles: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll detoured exists, proceeding to rename it & mark for delete.
    
    2018-01-19 16:07:32 CopyOtherFiles: PROCESSOR_ARCHITECTURE environment variable is: AMD64
    
    2018-01-19 16:07:32 CopyOtherFiles: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll detoured exists, proceeding to rename it & mark for delete.
    
    2018-01-19 16:07:32 CopyOtherFiles: Copying boot tasks source: C:\ProgramData\Sophos\AutoUpdate\cache\savxp\drivers\boottasks\win7_amd64\SophosBootTasks.exe, target: C:\WINDOWS\system32\
    
    2018-01-19 16:07:32 CopyOtherFiles: Action succeeded
    
    2018-01-19 16:07:32 ForceDeleteUserPlugin: Action started
    
    2018-01-19 16:07:32 ForceDeleteUserPlugin: Error deleting DesktopMessaging registry key. Returned error was: The system cannot find the file specified.
    
    
    
    2018-01-19 16:07:32 ForceDeleteUserPlugin: Error deleting user pluging registry key. Returned error was: The system cannot find the file specified.
    
    
    
    2018-01-19 16:07:32 ForceDeleteUserPlugin: Action succeeded
    
    2018-01-19 16:07:32 RegisterBufferOverflowProtection: Action started
    
    2018-01-19 16:07:32 RegisterBufferOverflowProtection: BopsUnregister: could not get short path to DLL. It will not be unregistered.
    
    2018-01-19 16:07:32 RegisterBufferOverflowProtection: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\detoured.dll does not exist, no further action.
    
    2018-01-19 16:07:32 RegisterBufferOverflowProtection: BOPS path already exists
    
    2018-01-19 16:07:32 RegisterBufferOverflowProtection: PROCESSOR_ARCHITECTURE environment variable is: AMD64
    
    2018-01-19 16:07:32 RegisterBufferOverflowProtection: BOPS path already exists
    
    2018-01-19 16:07:32 RegisterBufferOverflowProtection: Action succeeded
    
    2018-01-19 16:07:33 RestoreExcludedProcesses: Action started
    
    2018-01-19 16:07:33 RestoreExcludedProcesses: RestoreExcludedProcesses
    
    2018-01-19 16:07:33 RestoreExcludedProcesses: Empty excluded processes property. Nothing to be done.
    
    2018-01-19 16:07:33 RestoreExcludedProcesses: Action succeeded
    
    2018-01-19 16:07:33 StartDriverServices: Action started
    
    2018-01-19 16:07:33 StartDriverServices: IsServiceRunning: Unable to get a handle to requested service skmscan. Returning false.
    
    2018-01-19 16:07:33 StartDriverServices: Unable to get a handle to kms service - service will not be started until next reboot
    
    2018-01-19 16:07:33 StartDriverServices: IsServiceRunning: Unable to get a handle to requested service SAVOnAccess. Returning false.
    
    2018-01-19 16:07:33 StartDriverServices: Unable to get a handle to the OnAccess service - service will not be started until next reboot
    
    2018-01-19 16:07:33 StartDriverServices: Action succeeded
    
    2018-01-19 16:07:34 CreateUserGroups: Action started
    
    2018-01-19 16:07:34 CreateUserGroups: Unable to create local SophosUserGroup
    
    2018-01-19 16:07:34 CreateUserGroups: Unable to create local SophosPowerGroup
    
    2018-01-19 16:07:34 CreateUserGroups: Unable to create local SophosAdminGroup
    
    2018-01-19 16:07:34 CreateUserGroups: Unable to create local OnAccessGroup
    
    2018-01-19 16:07:34 CreateUserGroups: Unable to create OnAccess SID key
    
    2018-01-19 16:07:34 CreateUserGroups: Local name of well-known group Administrators is Administrators
    
    2018-01-19 16:07:34 CreateUserGroups: Local name of well-known group PowerUsers is Power Users
    
    2018-01-19 16:07:34 CreateUserGroups: Local name of well-known group Users is Users
    
    2018-01-19 16:07:34 CreateUserGroups: SophosUser already exists - skipped adding members
    
    2018-01-19 16:07:34 CreateUserGroups: SophosPowerUser already exists - skipped adding members
    
    2018-01-19 16:07:34 CreateUserGroups: SophosAdministrator already exists - skipped adding members
    
    2018-01-19 16:07:34 CreateUserGroups: Adding LOCAL SYSTEM to the SophosAdministrator role in the machine file
    
    2018-01-19 16:07:34 CreateUserGroups: No need to restart Sophos Agent service
    
    2018-01-19 16:07:34 CreateUserGroups: Action succeeded
    
    2018-01-19 16:07:34 PurgeIOfficeAVCache: Action started
    
    2018-01-19 16:07:34 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64
    
    2018-01-19 16:07:34 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64
    
    2018-01-19 16:07:34 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64
    
    2018-01-19 16:07:34 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64
    
    2018-01-19 16:07:34 PurgeIOfficeAVCache: Opened key name S-1-5-21-458848932-3786722057-4008444950-27827\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
    
    2018-01-19 16:07:34 PurgeIOfficeAVCache: Unable to remove Enum sub key: 0x2
    
    2018-01-19 16:07:34 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64
    
    2018-01-19 16:07:34 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64
    
    2018-01-19 16:07:34 PurgeIOfficeAVCache: Action succeeded
    
    2018-01-19 16:07:34 EnableAttachmentScanning: Action started
    
    2018-01-19 16:07:34 EnableAttachmentScanning: ScanWithAntiVirus value is already set to 3
    
    2018-01-19 16:07:34 EnableAttachmentScanning: Action succeeded
    
    2018-01-19 16:07:34 AddDomainGroups: Action started
    
    2018-01-19 16:07:34 AddDomainGroups: Found SophosDomainUser group
    
    2018-01-19 16:07:34 AddDomainGroups: Found SophosDomainPowerUser group
    
    2018-01-19 16:07:34 AddDomainGroups: Found SophosDomainAdministrator group
    
    2018-01-19 16:07:34 AddDomainGroups: Added SophosDomainAdministrator group to SophosAdministrator group
    
    2018-01-19 16:07:34 AddDomainGroups: Added SophosDomainPowerUser group to SophosPowerUser group
    
    2018-01-19 16:07:34 AddDomainGroups: Added SophosDomainUser group to SophosUser group
    
    2018-01-19 16:07:34 AddDomainGroups: Action succeeded
    
    2018-01-19 16:07:39 UpdateSAVI: Action started
    
    2018-01-19 16:07:39 UpdateSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate
    
    2018-01-19 16:07:39 UpdateSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__
    
    2018-01-19 16:07:39 UpdateSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate
    
    2018-01-19 16:07:39 UpdateSAVI: UpdateRequest signalled
    
    2018-01-19 16:07:39 UpdateSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended
    
    2018-01-19 16:07:39 UpdateSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__
    
    2018-01-19 16:07:39 UpdateSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended
    
    2018-01-19 16:07:39 UpdateSAVI: MSCM version orig: 0.3.0.90 new: 0.3.0.90
    
    2018-01-19 16:07:40 UpdateSAVI: SAVI dll was installed successfully
    
    2018-01-19 16:07:40 UpdateSAVI: Action succeeded
    
    2018-01-19 16:07:40 SetFolderPermissions: Action started
    
    2018-01-19 16:07:40 SetFolderPermissions: We are running on XP or higher - adding LocalService to permissions on config files
    
    2018-01-19 16:07:40 SetFolderPermissions: We are running on XP or higher - adding LocalService to permissions on config files
    
    2018-01-19 16:07:40 SetFolderPermissions: Action succeeded
    
    2018-01-19 16:07:40 CreateTamperProtectionRegKey: Action started
    
    2018-01-19 16:07:40 CreateTamperProtectionRegKey: Action succeeded
    
    2018-01-19 16:07:41 SetServiceXP: Action started
    
    2018-01-19 16:07:41 SetServiceXP: Action succeeded
    
    2018-01-19 16:07:41 SetSAVServiceSID: Action started
    
    2018-01-19 16:07:41 SetSAVServiceSID: Unable to add service SID to on-access registry location, error returned: 2
    
    2018-01-19 16:07:41 SetSAVServiceSID: Action failed
    
    2018-01-19 16:07:41 RemoveTamperProtectionRegKey: Action started
    
    2018-01-19 16:07:41 RemoveTamperProtectionRegKey: Action succeeded
    
    2018-01-19 16:07:51 UpdateDesktopMessaging: Action started
    
    2018-01-19 16:07:51 UpdateDesktopMessaging: UpdateDesktopMessaging: Could not delete SAVPlugin registry key(2)
    
    2018-01-19 16:07:51 UpdateDesktopMessaging: Action succeeded
    
    2018-01-19 16:07:51 RollbackUpdateSavAdapterDll: Action started
    
    2018-01-19 16:07:51 RollbackUpdateSavAdapterDll: Action succeeded
    
    2018-01-19 16:07:52 RollbackDisableServices: Action started
    
    2018-01-19 16:07:52 RollbackDisableServices: SetServiceStartMode failed: Unable to get a handle to requested service SAVService, error 1060.
    
    2018-01-19 16:07:52 RollbackDisableServices: RollbackDisableServices failed to enable SAVService
    
    2018-01-19 16:07:52 RollbackDisableServices: SetServiceStartMode failed: Unable to get a handle to requested service SAVAdminService, error 1060.
    
    2018-01-19 16:07:52 RollbackDisableServices: RollbackDisableServices failed to enable SAVAdminService
    
    2018-01-19 16:07:52 RollbackDisableServices: Action succeeded
    
    2018-01-19 16:07:53 RunErrorScripts: Action started
    
    2018-01-19 16:07:53 RunErrorScripts: Action succeeded
    
    2018-01-19 16:07:53 RestoreMovedFiles: Action started
    
    2018-01-19 16:07:53 RestoreMovedFiles: Action succeeded
    
    2018-01-19 16:07:53 SetUpdateFailed: Action started
    
    2018-01-19 16:07:53 SetUpdateFailed: Unable to create an instance of ComponentManager - SystemInformation cannot be informed of end of update
    
    2018-01-19 16:07:53 SetUpdateFailed: Action succeeded
    
    

  • Hello Tara,

    these are just the Properties, in some cases they are just variables that are or are not used - it's not clear whether this message has been issued.
    Please search for the Return Value 3 as shown in the article.
    BTW: These runtime errors you've mentioned - which application(s) did they affect?

    Christian

  • At the time the runtime errors were occurring I just hopped on the machine and checked permissions to the autoupdate folders and the TEMP and TMP folder paths etc. I manually removed some of the Sophos components as it was telling me the device hadn't reported in 2 months and that none of the components were installed (which is probably what caused all these issues).

    The client machine, when trying to open the application, came up with an error saying doesn't exist, then closed and didn't reappear when I next opened it.

    I know I have probably made it worse but I guess it's a learning curve.

    Return value 3 showed this and one at the end of the major install log:

    SetupSspUserAccount:  Initialized.
    SetupSspUserAccount:  LoadAccount(SophosSSPUser) failed (error 1332)
    SetupSspUserAccount:  Granting permissions to user "NT SERVICE\SAVService"
    MSI (s) (90:BC) [16:17:38:878]: Executing op: ActionStart(Name=SetServiceXP,,)
    SetupSspUserAccount:  Service has stopped, now starting.
    MSI (s) (90:BC) [16:17:38:878]: Executing op: CustomActionSchedule(Action=SetServiceXP,ActionType=1025,Source=BinaryData,Target=SetServiceXP,)
    MSI (s) (90:4C) [16:17:38:878]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI7322.tmp, Entrypoint: SetServiceXP
    MSI (s) (90:BC) [16:17:38:909]: Executing op: ActionStart(Name=SetSAVServiceSID,,)
    MSI (s) (90:BC) [16:17:38:909]: Executing op: CustomActionSchedule(Action=SetSAVServiceSID,ActionType=1025,Source=BinaryData,Target=SetSAVServiceSID,)
    MSI (s) (90:C4) [16:17:38:909]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI7342.tmp, Entrypoint: SetSAVServiceSID
    CustomAction SetSAVServiceSID returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
    MSI (s) (90:BC) [16:17:38:971]: Note: 1: 2265 2:  3: -2147287035
    MSI (s) (90:BC) [16:17:38:971]: User policy value 'DisableRollback' is 0
    MSI (s) (90:BC) [16:17:38:971]: Machine policy value 'DisableRollback' is 0
    Action ended 16:17:38: InstallFinalize. Return value 3.

  • Hello Tara,

    thanks.
    Might seem strange, though the 1332 is normal. What has failed is the SetSAVServiceSID CustomAction; if there are any details they should be in the corresponding Sophos Anti-Virus Major CustomActions Log.

    Christian 

  • Hi Christian,

    Are you referring to the smaller log that I attached beforehand?

    Thanks

    Tara

  • 2018-01-22 12:40:02 SetSAVServiceSID: Action started
    2018-01-22 12:40:02 SetSAVServiceSID: Unable to add service SID to on-access registry location, error returned: 2
    2018-01-22 12:40:02 SetSAVServiceSID: Action failed

  • Hello Tara,

    you're right. Sorry, I've missed it.
    The registry key in question is HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SAVOnAccess\ - does it exist? If I understand the first log you've posted correctly, SAVXP appears to be installed, but as the services can't be "found" it says The product is not installed correctly. MSI update required. Is Sophos Anti-Virus listed under Programs and Features? If so, I'd try to uninstall it.

    Christian
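
Added example, not part of the original thread and not Sophos tooling: a Python triage of the two log types quoted above. It reports the custom action that ended in "Action failed", the MSI action that ended with Return value 3, and decodes the Win32 codes seen in the thread, including the HRESULT form 0x80070424. Function names are hypothetical; the sample lines are excerpts of the logs posted above.

```python
import re

# Win32 error codes that appear in the logs quoted in this thread.
WIN32_NAMES = {
    2: "ERROR_FILE_NOT_FOUND",
    1060: "ERROR_SERVICE_DOES_NOT_EXIST",
    1332: "ERROR_NONE_MAPPED",
    1603: "ERROR_INSTALL_FAILURE",
}

# "<date> <time> <ActionName>: <message>" as written in the CustomActions log.
CA_LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (\w+): (.*)$")
MSI_CA_FAIL = re.compile(r"CustomAction (\w+) returned actual error code (\d+)")
MSI_RET3 = re.compile(r"Action ended [\d:]+: (\w+)\. Return value 3\.")
HRESULT = re.compile(r"0x([0-9A-Fa-f]{8})\b")
DECIMAL = re.compile(r"\berror(?: code| returned)?:?\s+(\d+)", re.I)


def decode_codes(message):
    """Return the sorted Win32 codes named in a message (decimal or HRESULT)."""
    codes = {int(c) for c in DECIMAL.findall(message)}
    for digits in HRESULT.findall(message):
        hr = int(digits, 16)
        # 0x8007xxxx is FACILITY_WIN32: the low 16 bits are the Win32 code.
        if (hr & 0xFFFF0000) == 0x80070000:
            codes.add(hr & 0xFFFF)
    return sorted(codes)


def describe(code):
    return f"{code} ({WIN32_NAMES.get(code, 'unknown')})"


def failed_custom_actions(log_text):
    """CustomActions log: [(action, messages, codes)] for every 'Action failed'."""
    pending, failures = {}, []
    for line in log_text.splitlines():
        m = CA_LINE.match(line.strip())
        if not m:
            continue
        action, msg = m.groups()
        if msg == "Action started":
            pending[action] = []
        elif msg == "Action succeeded":
            pending.pop(action, None)  # warnings inside a succeeded action are dropped
        elif msg == "Action failed":
            msgs = pending.pop(action, [])
            codes = sorted({c for s in msgs for c in decode_codes(s)})
            failures.append((action, msgs, codes))
        else:
            pending.setdefault(action, []).append(msg)
    return failures


def msi_failures(log_text):
    """Verbose MSI log: failing custom actions and actions ending 'Return value 3'."""
    custom = [(name, int(code)) for name, code in MSI_CA_FAIL.findall(log_text)]
    return custom, MSI_RET3.findall(log_text)


# Excerpts of the logs posted in this thread.
CA_SAMPLE = """\
2018-01-19 16:07:21 DisableServices: Action started
2018-01-19 16:07:21 DisableServices: SetServiceStartMode failed: Unable to get a handle to requested service SAVService, error 1060.
2018-01-19 16:07:21 DisableServices: Action succeeded
2018-01-19 16:07:22 ForceStopSAVService: Action started
2018-01-19 16:07:22 ForceStopSAVService: ForceStopService: service failed to stop, hr=0x80070424
2018-01-19 16:07:22 ForceStopSAVService: Action succeeded
2018-01-19 16:07:41 SetSAVServiceSID: Action started
2018-01-19 16:07:41 SetSAVServiceSID: Unable to add service SID to on-access registry location, error returned: 2
2018-01-19 16:07:41 SetSAVServiceSID: Action failed
"""
MSI_SAMPLE = """\
SetupSspUserAccount:  LoadAccount(SophosSSPUser) failed (error 1332)
CustomAction SetSAVServiceSID returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Action ended 16:17:38: InstallFinalize. Return value 3.
"""

if __name__ == "__main__":
    for action, msgs, codes in failed_custom_actions(CA_SAMPLE):
        print(action, "failed:", "; ".join(msgs))
        print("  codes:", ", ".join(describe(c) for c in codes))
    custom, ret3 = msi_failures(MSI_SAMPLE)
    for name, code in custom:
        print("MSI custom action", name, "->", describe(code))
    print("Actions ending with Return value 3:", ret3)
```

The many 1060 and 0x80070424 lines sit inside actions that still end in "Action succeeded", so the triage skips them and surfaces only SetSAVServiceSID with code 2, which matches the registry location Christian asks about.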