This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Install Sophos | failed A Windows API call returned error 4551

Hello,

I tried to install Sophos Endpoint Security and Control (v10.8), but after the screen where I must write the credentials, I have 2 error message:

Logs: 

5/17/2022,2:23:36 PM,Information,Process security set successfully,
5/17/2022,2:23:42 PM,Information,Verified that contents of CID C match the manifest file,
5/17/2022,2:23:42 PM,Information,Searching for third-party security software.,
5/17/2022,2:23:42 PM,ERROR,CreateProcess (NULL, "C:\Users\a-cbr\AppData\Local\Temp\crt\avremovew.exe" , ...) failed A Windows API call returned error 4551,
5/17/2022,2:23:58 PM,ERROR,Failed to copy CRT directory to local machine,
I already looking on forum, but I don't find anything.

Can you help me please ?

OS: Windows Server 2019 Standard, v1809, OS build 17763.2928

Thank you



This thread was automatically locked due to age.
Parents
  • Hi there, 

    Thank you for reaching out, We would like to further investigate this issue so I would like to ask for your assistance in creating a case and then re-create the error that you're getting while Running Process Monitoring and collecting SDU then attached the logs on the case that you're going to create.

    Once done, you can try running the installation package via CMD and add this syntax `--nocompetitorremoval' then observed the installation process. Capture any errors you encounter via snapshot and share it with us. Make sure you open your CMD via Elevated access before performing the said action.


    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Hello,

    I'll create a case.

    Besides, with the syntax I had another error (elevated CMD):

  • The error 4551 = 

    ERROR_SYSTEM_INTEGRITY_POLICY_VIOLATION

    Your organization used Device Guard to block this app. Contact your support person for more info.

    Does that help?

  • It's help yes and no, yes because I had something to search, and no because I'm on Administrator Account.

    Thank you for your help

  • I suspect you have a policy that prevents executables from running from user's temp locations.

    Software Restriction Policies in GP?

    If so and you can't change that, you could try copying the CID from the distribution point to the server E.g C:\S000\

    Launch a cmd prompt as system using psexec, e.g.

    psexec -i -s cmd

    PsExec - Windows Sysinternals | Microsoft Docs

    From that new cmd prompt running as system (check with whoami), you can CD to C:\S00  etc and run setup.exe

    Software restriction policies don't apply to System user.

Reply
  • I suspect you have a policy that prevents executables from running from user's temp locations.

    Software Restriction Policies in GP?

    If so and you can't change that, you could try copying the CID from the distribution point to the server E.g C:\S000\

    Launch a cmd prompt as system using psexec, e.g.

    psexec -i -s cmd

    PsExec - Windows Sysinternals | Microsoft Docs

    From that new cmd prompt running as system (check with whoami), you can CD to C:\S00  etc and run setup.exe

    Software restriction policies don't apply to System user.

Children
No Data