Hello,
I tried to install Sophos Endpoint Security and Control (v10.8), but after the screen where I must write the credentials, I have 2 error messages:
Logs:
5/17/2022,2:23:36 PM,Information,Process security set successfully,
5/17/2022,2:23:42 PM,Information,Verified that contents of CID C match the manifest file,
5/17/2022,2:23:42 PM,Information,Searching for third-party security software.,
5/17/2022,2:23:42 PM,ERROR,CreateProcess (NULL, "C:\Users\a-cbr\AppData\Local\Temp\crt\avremovew.exe" , ...) failed A Windows API call returned error 4551,
5/17/2022,2:23:58 PM,ERROR,Failed to copy CRT directory to local machine,
Can you help me please?
OS: Windows Server 2019 Standard, v1809, OS build 17763.2928
Thank you
Hi there,
Thank you for reaching out. We would like to further investigate this issue, so I would like to ask for your assistance in creating a case and then re-creating the error that you're getting while running Process Monitoring and collecting SDU, then attaching the logs to the case that you're going to create.
Once done, you can try running the installation package via CMD and add this syntax `--nocompetitorremoval`, then observe the installation process. Capture any errors you encounter via snapshot and share them with us. Make sure you open your CMD via elevated access before performing the said action.
The error 4551 = ERROR_SYSTEM_INTEGRITY_POLICY_VIOLATION
Your organization used Device Guard to block this app. Contact your support person for more info.
Does that help?
It helps, yes and no: yes because I had something to search for, and no because I'm on an Administrator account.
Thank you for your help
I suspect you have a policy that prevents executables from running from users' temp locations.
Software Restriction Policies in GP?
If so and you can't change that, you could try copying the CID from the distribution point to the server, e.g. C:\S000\
Launch a cmd prompt as system using psexec, e.g.
psexec -i -s cmd
PsExec - Windows Sysinternals | Microsoft Docs
From that new cmd prompt running as system (check with whoami), you can CD to C:\S00 etc and run setup.exe
Software restriction policies don't apply to the System user.
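
The replies above name two possible causes for error 4551: a Device Guard code-integrity policy and Software Restriction Policies applied through Group Policy. The script below is an added example, not part of the original thread and not Sophos tooling; it shows one way to check on the affected server which of those controls is active and which one logged a block for `avremovew.exe`. The one-hour look-back window is an assumption, and the script is meant to be run from an elevated PowerShell prompt.

```powershell
# Added example: identify which application-control policy blocked the binary.
$since = (Get-Date).AddHours(-1)   # assumption: the failed install ran within the last hour
$name  = 'avremovew.exe'           # blocked binary named in the installer log

# 1. Device Guard / WDAC code-integrity state (0 = off, 1 = audit, 2 = enforced)
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
if ($dg) {
    $dg | Select-Object CodeIntegrityPolicyEnforcementStatus,
                        UsermodeCodeIntegrityPolicyEnforcementStatus | Format-List
} else { 'Win32_DeviceGuard class not available on this system.' }

# 2. Software Restriction Policies delivered by GPO or local policy.
#    PolicyScope 0 = all users, 1 = all users except local administrators.
$srpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
if (Test-Path $srpKey) {
    Get-ItemProperty $srpKey |
        Select-Object DefaultLevel, PolicyScope, TransparentEnabled | Format-List
} else { 'No SRP policy key present.' }

# 3. Block/audit events from each control that mention the binary.
$sources = @(
    @{ LogName = 'Microsoft-Windows-CodeIntegrity/Operational'; Id = 3076, 3077 },
    @{ LogName = 'Microsoft-Windows-AppLocker/EXE and DLL';     Id = 8003, 8004 },
    @{ LogName = 'Application'
       ProviderName = 'Microsoft-Windows-SoftwareRestrictionPolicies' }
)
$hits = foreach ($s in $sources) {
    $filter = $s.Clone()
    $filter.StartTime = $since
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like "*$name*" }
}
if ($hits) {
    $hits | Sort-Object TimeCreated |
        Select-Object TimeCreated, LogName, Id, Message | Format-List
} else { "No block events mentioning $name since $since." }
```

The log that returns a matching event identifies the control that needs an allow rule for the installer's temporary path or publisher.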