Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 13 replies
  • Subscribers 3 subscribers
  • Views 15889 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Failed to install SAVXP - Windows 10

Tara Heffer

Hi,

 

I am attempting to install Endpoint onto a device that had previous runtime errors, whilst i am now having it communicate back to the Enterprise Console it is unfortunately not installing the additional components and coming back with the error "failed to install SAVXP"

I have looked at the logs but cannot make heads or tails of them as i am a complete novice, can anyone advise?

 

Many thanks

Tara

 

i have only added a snippet of the logs as they are too large to upload, let me know if thats enough.



This thread was automatically locked due to age.
Parents
  • 0

    Hello Tara,

    let others have a look at the logs :) - in this case the Sophos Major Install and Major CustomActions logs. BTW - have you seen this troubleshooting article?

    Christian

  • 0 in reply to QC

    Thank you for the link, its definately helpful.

    Whilst reading from the bottom up i found this:

     

    Property(S): UNINSTALLBOOTDRIVERS = 1
    Property(S): UNINSTALLCLASSFILTER = 1
    Property(S): UNINSTALLDRIVERS = 1
    Property(S): UNINSTALLERROR = An older version of Sophos Anti-Virus has not been fully removed from your machine. Please reboot your machine before attempting to install Sophos Anti-Virus.
    Property(S): UNINSTALLKMSDRIVERS = 1
    Property(S): UPDATEBOOTDRIVERS = 0
    Property(S): UPDATECLASSFILTER = 0
    Property(S): VIRUSDATAUPDATE = 0

    The machine has been rebooted however so not sure?

    Also is there a way of completely removing the component as it was preventing me because of an instance of tamper control which i could not see active?

  • 0 in reply to Tara Heffer

    Fullscreen Sophos Anti-Virus Major CustomActions Log_180119_040709.txt Download 
    2018-01-19 16:07:13 ExtractClassicConfig: Action started

2018-01-19 16:07:13 ExtractClassicConfig: Action succeeded

2018-01-19 16:07:13 PreInstallChecks: Action started

2018-01-19 16:07:13 PreInstallChecks: Action succeeded

2018-01-19 16:07:13 SetClassFilterPresentProperty: Action started

2018-01-19 16:07:13 SetClassFilterPresentProperty: Setting class filter present property to: 1

2018-01-19 16:07:13 SetClassFilterPresentProperty: Action succeeded

2018-01-19 16:07:13 SetDriverProperty: Action started

2018-01-19 16:07:13 SetDriverProperty: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2018-01-19 16:07:13 SetDriverProperty: Action succeeded

2018-01-19 16:07:13 SetProcessorProperties: Action started

2018-01-19 16:07:13 SetProcessorProperties: Action succeeded

2018-01-19 16:07:13 SetRestoreExcludedProcessesProperty: Action started

2018-01-19 16:07:13 SetRestoreExcludedProcessesProperty: SetRestoreExcludedProcessesProperty

2018-01-19 16:07:13 SetRestoreExcludedProcessesProperty: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2018-01-19 16:07:13 SetRestoreExcludedProcessesProperty: Action succeeded

2018-01-19 16:07:20 CheckRegForNullDACLs: Action started

2018-01-19 16:07:20 CheckRegForNullDACLs: Action succeeded

2018-01-19 16:07:21 SetUpdateBegin: Action started

2018-01-19 16:07:21 SetUpdateBegin: Unable to create an instance of ComponentManager - SystemInformation will not be informed of the update (0x80070424)

2018-01-19 16:07:21 SetUpdateBegin: Action succeeded

2018-01-19 16:07:21 CloseSavMainWindow: Action started

2018-01-19 16:07:21 CloseSavMainWindow: Action succeeded

2018-01-19 16:07:21 DisableServices: Action started

2018-01-19 16:07:21 DisableServices: SetServiceStartMode failed: Unable to get a handle to requested service SAVService, error 1060.

2018-01-19 16:07:21 DisableServices: DisableServices failed to disable SAVService

2018-01-19 16:07:21 DisableServices: SetServiceStartMode failed: Unable to get a handle to requested service SAVAdminService, error 1060.

2018-01-19 16:07:21 DisableServices: DisableServices failed to disable SAVAdminService

2018-01-19 16:07:21 DisableServices: Action succeeded

2018-01-19 16:07:22 ForceStopSAVService: Action started

2018-01-19 16:07:22 ForceStopSAVService: ForceStopService: Stopping SAVService

2018-01-19 16:07:22 ForceStopSAVService: ForceStopService: service failed to stop, hr=0x80070424

2018-01-19 16:07:22 ForceStopSAVService: ForceStopService: Terminating the service

2018-01-19 16:07:22 ForceStopSAVService: ForceStopService: Terminate failed, hr=0x80070424

2018-01-19 16:07:22 ForceStopSAVService: ForceStopService: Checking if service is still running

2018-01-19 16:07:22 ForceStopSAVService: ForceStopService: Stopping SAVAdminService

2018-01-19 16:07:22 ForceStopSAVService: ForceStopService: service failed to stop, hr=0x80070424

2018-01-19 16:07:22 ForceStopSAVService: ForceStopService: Terminating the service

2018-01-19 16:07:22 ForceStopSAVService: ForceStopService: Terminate failed, hr=0x80070424

2018-01-19 16:07:22 ForceStopSAVService: ForceStopService: Checking if service is still running

2018-01-19 16:07:22 ForceStopSAVService: ForceStopSAVService: Services have been stopped

2018-01-19 16:07:22 ForceStopSAVService: Action succeeded

2018-01-19 16:07:22 WaitForSAVService: Action started

2018-01-19 16:07:22 WaitForSAVService: WaitForSAVService: Walking system processes...

2018-01-19 16:07:22 WaitForSAVService: WaitForSAVService: Finished walking system processes.

2018-01-19 16:07:22 WaitForSAVService: Action succeeded

2018-01-19 16:07:22 CheckUninstallDrivers: Action started

2018-01-19 16:07:22 CheckUninstallDrivers: IsServiceInstalled: Unable to get a handle to requested service SAVOnAccess control. Returning false.

2018-01-19 16:07:22 CheckUninstallDrivers: IsServiceInstalled: Unable to get a handle to requested service SAVOnAccess filter. Returning false.

2018-01-19 16:07:22 CheckUninstallDrivers: Action succeeded

2018-01-19 16:07:22 DeleteIDEs: Action started

2018-01-19 16:07:22 DeleteIDEs: Action succeeded

2018-01-19 16:07:22 DeleteBDLs: Action started

2018-01-19 16:07:22 DeleteBDLs: Action succeeded

2018-01-19 16:07:22 DeleteHIPSConfig: Action started

2018-01-19 16:07:22 DeleteHIPSConfig: Action succeeded

2018-01-19 16:07:22 RemoveFilesOnUpgrade: Action started

2018-01-19 16:07:22 RemoveFilesOnUpgrade: Action succeeded

2018-01-19 16:07:22 UpdateSavAdapterDll: Action started

2018-01-19 16:07:32 UpdateSavAdapterDll: Action succeeded

2018-01-19 16:07:32 UpdateDesktopMessaging: Action started

2018-01-19 16:07:32 UpdateDesktopMessaging: UpdateDesktopMessaging: Could not delete SAVPlugin registry key(2)

2018-01-19 16:07:32 UpdateDesktopMessaging: Action succeeded

2018-01-19 16:07:32 CopyOtherFiles: Action started

2018-01-19 16:07:32 CopyOtherFiles: CopyOtherFiles custom action - Copying other driver files

2018-01-19 16:07:32 CopyOtherFiles: Copying class filter source: C:\ProgramData\Sophos\AutoUpdate\cache\savxp\drivers\sdcfilter\win7_amd64\SDCFILTER.INF, target: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\

2018-01-19 16:07:32 CopyOtherFiles: Copying boot driver source: C:\ProgramData\Sophos\AutoUpdate\cache\savxp\drivers\boottasks\win7_amd64\SOPHOSBOOTDRIVER.INF, target: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\

2018-01-19 16:07:32 CopyOtherFiles: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll detoured exists, proceeding to rename it & mark for delete.

2018-01-19 16:07:32 CopyOtherFiles: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2018-01-19 16:07:32 CopyOtherFiles: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll detoured exists, proceeding to rename it & mark for delete.

2018-01-19 16:07:32 CopyOtherFiles: Copying boot tasks source: C:\ProgramData\Sophos\AutoUpdate\cache\savxp\drivers\boottasks\win7_amd64\SophosBootTasks.exe, target: C:\WINDOWS\system32\

2018-01-19 16:07:32 CopyOtherFiles: Action succeeded

2018-01-19 16:07:32 ForceDeleteUserPlugin: Action started

2018-01-19 16:07:32 ForceDeleteUserPlugin: Error deleting DesktopMessaging registry key. Returned error was: The system cannot find the file specified.



2018-01-19 16:07:32 ForceDeleteUserPlugin: Error deleting user pluging registry key. Returned error was: The system cannot find the file specified.



2018-01-19 16:07:32 ForceDeleteUserPlugin: Action succeeded

2018-01-19 16:07:32 RegisterBufferOverflowProtection: Action started

2018-01-19 16:07:32 RegisterBufferOverflowProtection: BopsUnregister: could not get short path to DLL. It will not be unregistered.

2018-01-19 16:07:32 RegisterBufferOverflowProtection: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\detoured.dll does not exist, no further action.

2018-01-19 16:07:32 RegisterBufferOverflowProtection: BOPS path already exists

2018-01-19 16:07:32 RegisterBufferOverflowProtection: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2018-01-19 16:07:32 RegisterBufferOverflowProtection: BOPS path already exists

2018-01-19 16:07:32 RegisterBufferOverflowProtection: Action succeeded

2018-01-19 16:07:33 RestoreExcludedProcesses: Action started

2018-01-19 16:07:33 RestoreExcludedProcesses: RestoreExcludedProcesses

2018-01-19 16:07:33 RestoreExcludedProcesses: Empty excluded processes property. Nothing to be done.

2018-01-19 16:07:33 RestoreExcludedProcesses: Action succeeded

2018-01-19 16:07:33 StartDriverServices: Action started

2018-01-19 16:07:33 StartDriverServices: IsServiceRunning: Unable to get a handle to requested service skmscan. Returning false.

2018-01-19 16:07:33 StartDriverServices: Unable to get a handle to kms service - service will not be started until next reboot

2018-01-19 16:07:33 StartDriverServices: IsServiceRunning: Unable to get a handle to requested service SAVOnAccess. Returning false.

2018-01-19 16:07:33 StartDriverServices: Unable to get a handle to the OnAccess service - service will not be started until next reboot

2018-01-19 16:07:33 StartDriverServices: Action succeeded

2018-01-19 16:07:34 CreateUserGroups: Action started

2018-01-19 16:07:34 CreateUserGroups: Unable to create local SophosUserGroup

2018-01-19 16:07:34 CreateUserGroups: Unable to create local SophosPowerGroup

2018-01-19 16:07:34 CreateUserGroups: Unable to create local SophosAdminGroup

2018-01-19 16:07:34 CreateUserGroups: Unable to create local OnAccessGroup

2018-01-19 16:07:34 CreateUserGroups: Unable to create OnAccess SID key

2018-01-19 16:07:34 CreateUserGroups: Local name of well-known group Administrators is Administrators

2018-01-19 16:07:34 CreateUserGroups: Local name of well-known group PowerUsers is Power Users

2018-01-19 16:07:34 CreateUserGroups: Local name of well-known group Users is Users

2018-01-19 16:07:34 CreateUserGroups: SophosUser already exists - skipped adding members

2018-01-19 16:07:34 CreateUserGroups: SophosPowerUser already exists - skipped adding members

2018-01-19 16:07:34 CreateUserGroups: SophosAdministrator already exists - skipped adding members

2018-01-19 16:07:34 CreateUserGroups: Adding LOCAL SYSTEM to the SophosAdministrator role in the machine file

2018-01-19 16:07:34 CreateUserGroups: No need to restart Sophos Agent service

2018-01-19 16:07:34 CreateUserGroups: Action succeeded

2018-01-19 16:07:34 PurgeIOfficeAVCache: Action started

2018-01-19 16:07:34 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2018-01-19 16:07:34 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2018-01-19 16:07:34 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2018-01-19 16:07:34 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2018-01-19 16:07:34 PurgeIOfficeAVCache: Opened key name S-1-5-21-458848932-3786722057-4008444950-27827\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}

2018-01-19 16:07:34 PurgeIOfficeAVCache: Unable to remove Enum sub key: 0x2

2018-01-19 16:07:34 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2018-01-19 16:07:34 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64

2018-01-19 16:07:34 PurgeIOfficeAVCache: Action succeeded

2018-01-19 16:07:34 EnableAttachmentScanning: Action started

2018-01-19 16:07:34 EnableAttachmentScanning: ScanWithAntiVirus value is already set to 3

2018-01-19 16:07:34 EnableAttachmentScanning: Action succeeded

2018-01-19 16:07:34 AddDomainGroups: Action started

2018-01-19 16:07:34 AddDomainGroups: Found SophosDomainUser group

2018-01-19 16:07:34 AddDomainGroups: Found SophosDomainPowerUser group

2018-01-19 16:07:34 AddDomainGroups: Found SophosDomainAdministrator group

2018-01-19 16:07:34 AddDomainGroups: Added SophosDomainAdministrator group to SophosAdministrator group

2018-01-19 16:07:34 AddDomainGroups: Added SophosDomainPowerUser group to SophosPowerUser group

2018-01-19 16:07:34 AddDomainGroups: Added SophosDomainUser group to SophosUser group

2018-01-19 16:07:34 AddDomainGroups: Action succeeded

2018-01-19 16:07:39 UpdateSAVI: Action started

2018-01-19 16:07:39 UpdateSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate

2018-01-19 16:07:39 UpdateSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__

2018-01-19 16:07:39 UpdateSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate

2018-01-19 16:07:39 UpdateSAVI: UpdateRequest signalled

2018-01-19 16:07:39 UpdateSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended

2018-01-19 16:07:39 UpdateSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__

2018-01-19 16:07:39 UpdateSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended

2018-01-19 16:07:39 UpdateSAVI: MSCM version orig: 0.3.0.90 new: 0.3.0.90

2018-01-19 16:07:40 UpdateSAVI: SAVI dll was installed successfully

2018-01-19 16:07:40 UpdateSAVI: Action succeeded

2018-01-19 16:07:40 SetFolderPermissions: Action started

2018-01-19 16:07:40 SetFolderPermissions: We are running on XP or higher - adding LocalService to permissions on config files

2018-01-19 16:07:40 SetFolderPermissions: We are running on XP or higher - adding LocalService to permissions on config files

2018-01-19 16:07:40 SetFolderPermissions: Action succeeded

2018-01-19 16:07:40 CreateTamperProtectionRegKey: Action started

2018-01-19 16:07:40 CreateTamperProtectionRegKey: Action succeeded

2018-01-19 16:07:41 SetServiceXP: Action started

2018-01-19 16:07:41 SetServiceXP: Action succeeded

2018-01-19 16:07:41 SetSAVServiceSID: Action started

2018-01-19 16:07:41 SetSAVServiceSID: Unable to add service SID to on-access registry location, error returned: 2

2018-01-19 16:07:41 SetSAVServiceSID: Action failed

2018-01-19 16:07:41 RemoveTamperProtectionRegKey: Action started

2018-01-19 16:07:41 RemoveTamperProtectionRegKey: Action succeeded

2018-01-19 16:07:51 UpdateDesktopMessaging: Action started

2018-01-19 16:07:51 UpdateDesktopMessaging: UpdateDesktopMessaging: Could not delete SAVPlugin registry key(2)

2018-01-19 16:07:51 UpdateDesktopMessaging: Action succeeded

2018-01-19 16:07:51 RollbackUpdateSavAdapterDll: Action started

2018-01-19 16:07:51 RollbackUpdateSavAdapterDll: Action succeeded

2018-01-19 16:07:52 RollbackDisableServices: Action started

2018-01-19 16:07:52 RollbackDisableServices: SetServiceStartMode failed: Unable to get a handle to requested service SAVService, error 1060.

2018-01-19 16:07:52 RollbackDisableServices: RollbackDisableServices failed to enable SAVService

2018-01-19 16:07:52 RollbackDisableServices: SetServiceStartMode failed: Unable to get a handle to requested service SAVAdminService, error 1060.

2018-01-19 16:07:52 RollbackDisableServices: RollbackDisableServices failed to enable SAVAdminService

2018-01-19 16:07:52 RollbackDisableServices: Action succeeded

2018-01-19 16:07:53 RunErrorScripts: Action started

2018-01-19 16:07:53 RunErrorScripts: Action succeeded

2018-01-19 16:07:53 RestoreMovedFiles: Action started

2018-01-19 16:07:53 RestoreMovedFiles: Action succeeded

2018-01-19 16:07:53 SetUpdateFailed: Action started

2018-01-19 16:07:53 SetUpdateFailed: Unable to create an instance of ComponentManager - SystemInformation cannot be informed of end of update

2018-01-19 16:07:53 SetUpdateFailed: Action succeeded

  • 0 in reply to Tara Heffer

    Hello Tara,

    these are just the Properties, in some cases the are just variables that are or are not used - it's not clear whether this message has been issued.
    Please search for the Return Value 3 as shown in the article.
    BTW: These runtime errors you've mentioned - which application(s) did they affect?

    Christian

  • 0 in reply to QC

    At the time the runtime errors were occuring i just hopped on the machine and checked permissions to the autoupdate folders and the TEMP and TMP folder paths etc. I manually removed some of the Sophos components as it was telling me the device hadnt reported in 2 months and that none of the components were installed (which is probably what caused all these issues)

    The client machine when trying to open the application came up with an error saying doesnt exist then closed and didnt reappear when i next opened it.

    I know i have probably made it worse but i guess its a learning curve.

    return value 3 showed this and one at the end of the major install log:

    SetupSspUserAccount:  Initialized.
    SetupSspUserAccount:  LoadAccount(SophosSSPUser) failed (error 1332)
    SetupSspUserAccount:  Granting permissions to user "NT SERVICE\SAVService"
    MSI (s) (90:BC) [16:17:38:878]: Executing op: ActionStart(Name=SetServiceXP,,)
    SetupSspUserAccount:  Service has stopped, now starting.
    MSI (s) (90:BC) [16:17:38:878]: Executing op: CustomActionSchedule(Action=SetServiceXP,ActionType=1025,Source=BinaryData,Target=SetServiceXP,)
    MSI (s) (90:4C) [16:17:38:878]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI7322.tmp, Entrypoint: SetServiceXP
    MSI (s) (90:BC) [16:17:38:909]: Executing op: ActionStart(Name=SetSAVServiceSID,,)
    MSI (s) (90:BC) [16:17:38:909]: Executing op: CustomActionSchedule(Action=SetSAVServiceSID,ActionType=1025,Source=BinaryData,Target=SetSAVServiceSID,)
    MSI (s) (90:C4) [16:17:38:909]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI7342.tmp, Entrypoint: SetSAVServiceSID
    CustomAction SetSAVServiceSID returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
    MSI (s) (90:BC) [16:17:38:971]: Note: 1: 2265 2:  3: -2147287035
    MSI (s) (90:BC) [16:17:38:971]: User policy value 'DisableRollback' is 0
    MSI (s) (90:BC) [16:17:38:971]: Machine policy value 'DisableRollback' is 0
    Action ended 16:17:38: InstallFinalize. Return value 3.

Reply
  • 0 in reply to QC

    At the time the runtime errors were occuring i just hopped on the machine and checked permissions to the autoupdate folders and the TEMP and TMP folder paths etc. I manually removed some of the Sophos components as it was telling me the device hadnt reported in 2 months and that none of the components were installed (which is probably what caused all these issues)

    The client machine when trying to open the application came up with an error saying doesnt exist then closed and didnt reappear when i next opened it.

    I know i have probably made it worse but i guess its a learning curve.

    return value 3 showed this and one at the end of the major install log:

    SetupSspUserAccount:  Initialized.
    SetupSspUserAccount:  LoadAccount(SophosSSPUser) failed (error 1332)
    SetupSspUserAccount:  Granting permissions to user "NT SERVICE\SAVService"
    MSI (s) (90:BC) [16:17:38:878]: Executing op: ActionStart(Name=SetServiceXP,,)
    SetupSspUserAccount:  Service has stopped, now starting.
    MSI (s) (90:BC) [16:17:38:878]: Executing op: CustomActionSchedule(Action=SetServiceXP,ActionType=1025,Source=BinaryData,Target=SetServiceXP,)
    MSI (s) (90:4C) [16:17:38:878]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI7322.tmp, Entrypoint: SetServiceXP
    MSI (s) (90:BC) [16:17:38:909]: Executing op: ActionStart(Name=SetSAVServiceSID,,)
    MSI (s) (90:BC) [16:17:38:909]: Executing op: CustomActionSchedule(Action=SetSAVServiceSID,ActionType=1025,Source=BinaryData,Target=SetSAVServiceSID,)
    MSI (s) (90:C4) [16:17:38:909]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI7342.tmp, Entrypoint: SetSAVServiceSID
    CustomAction SetSAVServiceSID returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
    MSI (s) (90:BC) [16:17:38:971]: Note: 1: 2265 2:  3: -2147287035
    MSI (s) (90:BC) [16:17:38:971]: User policy value 'DisableRollback' is 0
    MSI (s) (90:BC) [16:17:38:971]: Machine policy value 'DisableRollback' is 0
    Action ended 16:17:38: InstallFinalize. Return value 3.

Children
  • 0 in reply to Tara Heffer

    Hello Tara,

    thanks.
    Might seem strange though the 1332 is normal. What has failed is the SetSAVServiceSID CustomAction, if there are any details they should be in the corresponding Sophos Anti-Virus Major CustomActions Log.

    Christian 

  • 0 in reply to QC

    Hi Christian,

     

    Are you refering to the smaller log that i attached beforehand?

     

    Thanks

    Tara

  • 0 in reply to Tara Heffer

    2018-01-22 12:40:02 SetSAVServiceSID: Action started
    2018-01-22 12:40:02 SetSAVServiceSID: Unable to add service SID to on-access registry location, error returned: 2
    2018-01-22 12:40:02 SetSAVServiceSID: Action failed

  • 0 in reply to Tara Heffer

    Hello Tara,

    you're right. Sorry, I've missed it.
    The registry key in question is HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SAVOnAccess\ - does it exist? If I understand the first log you've posted correctly SAVXP appears to be installed but as the services can't be "found" it says The product is not installed correctly. MSI update required. Is Sophos Anti-Virus listed under Programs and Featrures? If so, I'd try to uninstall it.

    Christian

  • 0 in reply to QC

    Hi Christian,

     

    Yes Antivirus is installed but when i try and uninstall it is gets all the way to the end and then begins reversing, it it best to use a third party uninstaller to try and remove the software as i can see that the other components are being pushed out from the server successfully.

     

    Thanks

    Tara 

  • 0 in reply to Tara Heffer

    Hello Tara,

    a third party uninstaller
    I wouldn't recommend doing so. IMO they can't be the universal tool many claim to be, and if they work they're the hatched not the scalpel. You don't want to get rid of all of Sophos forever. I'd suggest you use Microsoft's Fix problems. Stop the AutoUpdate service, run the tool to remove the Sophos Anti-Virus installer information (please note: this is not an uninstall). After the service is started AutoUpdate should again try to install SAVXP when it checks for updates.

    Christian

  • 0 in reply to QC

    Hi Christian, 

     

    That did the job and now the software is reporting back to the console successfully.

     

    Thanks for all your help

    Tara

Unfiltered HTML