
windows 2003 not updating

I have tried the following but the server will still not update. I get an error saying "this installation package could not be opened. verify that the package exist and that you can access it, or contact the application vendor to verify that this is a valid windows install package"

community.sophos.com/.../16187



  • update

    Just noticed as well that there is no cache folder. What would cause this not to have a folder?

  • Where are you seeing that log message?  Can you provide a log or screenshot?

  • hi jak  screen shot from the console 

    anti-virus log

    event viewer

  • Hello paul foley1,

    the Microsoft related error codes article suggests to restart the computer (server in this case) for error 0x80070006.

    Christian

  • Hi Qc

    Server has been rebooted and Sophos has been uninstalled and reinstalled about 3/4 times. Any idea why there is no cache folder in Program Files\Sophos\AutoUpdate? Think this might be the issue as this is missing.

  • Hello paul foley1,

    the Cache (as other AutoUpdate files/folders) has been moved to \All Users\Application Data\.

    You get the same error immediately after a new install once AutoUpdate has downloaded and installed SAV? If it's indeed cache-related - I don't think the cache "survives" an uninstall.

    Christian 

  • Hi QC

    When I follow the following article https://community.sophos.com/kb/en-us/16187 I get an error when running the second command line. It points to the cache folder that is not there.

    There is a cache folder located in c:\documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\Cache. This folder is empty.

  • Hello paul foley1,

    ...\Sophos Anti-Virus\Cache is SAV's cache that serves a different purpose. The article is referring to ...\AutoUpdate\Cache. The SAV log you've posted suggests that AutoUpdate is installed and running, so the cache should be there. Can't say if this article (written for 7.6) still applies and anyway uninstall and reinstall should have done some cleanup.

    Christian

  • Hi QC

    Yes, I think the AutoUpdate is working OK but the cache folder is not there. Server is not showing up to date. I have uninstalled and reinstalled but still no joy. I have compared another Server 2003 and it looks as if folders are missing.

    the non updated server folder

    up to date server folders

  • Hello paul foley1,

    as said, I think the folders should have been moved (at least on the XP I had running until some months ago they have). If AutoUpdate (on the "non" server) is running it should write somewhere, and it should write a log. Is there an AutoUpdate\Logs\ folder under All Users and if so, is there a recent ALUpdate log? Or perhaps search the whole drive for it. The dates of the files are different on the two servers - are the files otherwise identical?
    Can you open the Sophos GUI on the "non" server and does it provide the detailed Product Information?

    Christian 

  • Hi QC, the non-updating server has an ALUpdate20171002T165304.7147670.log, date modified 03/10/2017 11:06

    Some info from the log if that helps:

    Trace(2017-Oct-03 11:06:07): Null update
    Trace(2017-Oct-03 11:06:07): ALUpdate(Action.Skipped): SAVXP
    Trace(2017-Oct-03 11:06:07): CIDUpdateLocation::OnNullUpdate...
    Trace(2017-Oct-03 11:06:07): CustomFileMap::CustomFileMap. CachePath = C:\Documents and Settings\All Users\Application Data\Sophos\AutoUpdate\cache
    Trace(2017-Oct-03 11:06:07): CustomFileMap::Read: Subfolder = savxp productID = {E17FE03B-0501-4aaa-BC69-0129D965F311}
    Trace(2017-Oct-03 11:06:07): CustomFileMap::Read: File path = C:\Documents and Settings\All Users\Application Data\Sophos\AutoUpdate\cache\savxp.custom
    Trace(2017-Oct-03 11:06:07): CustomFileMap::Read: File exists and appears valid.
    Trace(2017-Oct-03 11:06:07): CIDUpdateLocation::OnNullUpdate complete.
    Trace(2017-Oct-03 11:06:07): Updating plugin cache for SAVXP
    Trace(2017-Oct-03 11:06:07): Successfully updated plugin cache for SAVXP
    Trace(2017-Oct-03 11:06:07): SimpleProduct::DoAction isLater==false skipAction==false isUninstall==false m_lastUpdateSucceeded==true numfilestocahce 1 Actiontype SetupNot preinstalled product
    Trace(2017-Oct-03 11:06:07): Null update
    Trace(2017-Oct-03 11:06:07): ALUpdate(Action.Skipped): Sophos AutoUpdate
    Trace(2017-Oct-03 11:06:07): Updating subscription information from product ID data.
    Trace(2017-Oct-03 11:06:07): Rigid name: E3D9A230-334F-44DC-8FF6-B4AF383B4FD9
    Trace(2017-Oct-03 11:06:07): Version: 10.7.2.2.3692.1
    Trace(2017-Oct-03 11:06:07): CIDUpdateLocation::OnNullUpdate...
    Trace(2017-Oct-03 11:06:07): CustomFileMap::CustomFileMap. CachePath = C:\Documents and Settings\All Users\Application Data\Sophos\AutoUpdate\cache
    Trace(2017-Oct-03 11:06:07): CustomFileMap::Read: Subfolder = sau productID = {9BF40A4E-23AE-48be-9974-5A1F261DBEE8}
    Trace(2017-Oct-03 11:06:07): CustomFileMap::Read: File path = C:\Documents and Settings\All Users\Application Data\Sophos\AutoUpdate\cache\sau.custom
    Trace(2017-Oct-03 11:06:07): CustomFileMap::Read: File exists and appears valid.
    Trace(2017-Oct-03 11:06:07): CIDUpdateLocation::OnNullUpdate complete.
    Trace(2017-Oct-03 11:06:07): Updating plugin cache for Sophos AutoUpdate
    Trace(2017-Oct-03 11:06:07): Successfully updated plugin cache for Sophos AutoUpdate
    Trace(2017-Oct-03 11:06:07): RMSMessageHandler: ALUpdateEnd
    Trace(2017-Oct-03 11:06:07): Sending message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate" />
    Trace(2017-Oct-03 11:06:07): IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate" />
    Trace(2017-Oct-03 11:06:07): IPCSender::ProcessSend: Send message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate" />
    Trace(2017-Oct-03 11:06:07): IPCSender::ProcessSend: No messages in queue, starting to wait
    Trace(2017-Oct-03 11:06:07): Telemetry::LoadTelemetrySupplement 300: Telemetry Interval set to 86400 seconds
    Trace(2017-Oct-03 11:06:07): Telemetry::LoadDocument 174: C:\Documents and Settings\All Users\Application Data\Sophos\AutoUpdate\\Config\TelemetryConfig.json loaded
    Trace(2017-Oct-03 11:06:07): Telemetry::LoadTelemetrySupplement 341: Telemetry Interval updated to 86400 seconds
    Trace(2017-Oct-03 11:06:07): Telemetry::CalculateLastTelemtryTime 89: Telemetry last ran at 2017-10-02 10:01:09, Offset 6705, Offset Time 2017-10-02 11:52:54
    Trace(2017-Oct-03 11:06:07): Telemetry::HasTelemetrySchedulePeriodElapsed 113: Telemetry schedule has not elapsed.
    Trace(2017-Oct-03 11:06:08): IPCSender::ProcessSend exiting
    Trace(2017-Oct-03 11:06:08): ALUpdate finished

    Sophos console screenshot. I have blanked out the server name.

  • Hello paul foley1,

    it clearly mentions the cache path and from the messages the cache should be populated (and the .msi in the \savxp subfolder). The differs and unknown stem from the fact that SAV fails to initialize with this "handle" error.
    Virus data are loaded from the SAV Program Files directory by SAVService.exe. The handle problem should be transient, wonder if Process Monitor could give a hint where it fails.

    Christian

  • Hi QC

    Would you like me to run Process Monitor then reinstall Sophos?

  • Hello paul foley1,

    no installation, update or the like. I'd run it just for the SAVService.exe process, in case the Sophos Anti-Virus service is running stop it, start Process Monitor and define the appropriate filter, then start the service. Guess the error is issued almost immediately (recorded both in SAV.txt and the Event log). 

    Christian   

  • A couple of thoughts:

    1. Can you run SAV32CLI, does this load the virus data OK?
    CMD running as admin:
    CD \Program Files\Sophos\Sophos Anti-Virus\
    SAV32CLI

    Does it error or scan?

    2. I've also seen such errors if there is an issue with the config files of SAV, specifically permissions.

    Can you check the permissions on the config directory and xml files (specifically machine.xml) under:
    \documents and settings\all users\application data\sophos\sophos anti-virus\config\.
    Can the SAVService.exe read/write to the config files OK given the account it is running as.  LocalService on 2003 I think.
    Maybe if you have a working XP/2003 server you can check the permissions match up.

    Hope it helps.

    Regards,

    Jak

  • Hi Jak

    1. scanning

    2. permissions all look ok

  • In that case maybe verbose trace logging of SAVService will indicate the issue.  Can you follow:

    https://community.sophos.com/kb/en-us/38027

    to get an enhanced SAV.txt when the SAV Service starts.

    Don't forget to disable it once you have a SAV.txt that covers the startup issue.

    Regards,

    Jak

  • Hi Jak

    Hope this is what you are looking for.

    Some info from the log. Let me know if you need more.

    20171004 093136 Debug: Begin ConfigureYourself() (File: .\PUAThreatComponentFactory.cpp, Line: 20)
    20171004 093136 Debug: End ConfigureYourself() (File: .\PUAThreatComponentFactory.cpp, Line: 49)
    20171004 093136 Debug: Begin ConfigureYourself() (File: .\ScannableMemoryFactory.cpp, Line: 70)
    20171004 093136 Debug: End ConfigureYourself() (File: .\ScannableMemoryFactory.cpp, Line: 99)
    20171004 093136 Debug: Begin ConfigureYourself() (File: .\ScannableRegistryFactory.cpp, Line: 78)
    20171004 093136 Debug: Begin ConfigureYourself() (File: .\ThreatCauseFactory.cpp, Line: 59)
    20171004 093136 Debug: End ConfigureYourself() (File: .\ThreatCauseFactory.cpp, Line: 103)
    20171004 093136 Debug: Begin BeginProcessing() (File: .\PUAThreatComponentFactory.cpp, Line: 58)
    20171004 093136 Debug: End BeginProcessing() (File: .\PUAThreatComponentFactory.cpp, Line: 60)
    20171004 093136 Debug: Begin BeginProcessing() (File: .\ScannableMemoryFactory.cpp, Line: 108)
    20171004 093136 Debug: End BeginProcessing() (File: .\ScannableMemoryFactory.cpp, Line: 110)
    20171004 093136 Debug: Begin BeginProcessing() (File: .\ThreatCauseFactory.cpp, Line: 112)
    20171004 093136 Debug: End BeginProcessing() (File: .\ThreatCauseFactory.cpp, Line: 114)
    20171004 093136 Debug: End ApplicationManager::ConfigureYourself (File: .\ApplicationManager-IManaged.cpp, Line: 35)
    20171004 093136 Debug: Begin ApplicationManager::BeginProcessing (File: .\ApplicationManager-IManaged.cpp, Line: 91)
    20171004 093136 Debug: End ApplicationManager::BeginProcessing (File: .\ApplicationManager-IManaged.cpp, Line: 91)
    20171004 093136 Debug: Begin CAuthorisationListManager::ConfigureYourself (File: .\AuthorisationListManager.cpp, Line: 78)
    20171004 093136 Debug: End CAuthorisationListManager::ConfigureYourself (File: .\AuthorisationListManager.cpp, Line: 95)
    20171004 093136 Debug: Begin CAuthorisationListManager::BeginProcessing (File: .\AuthorisationListManager.cpp, Line: 106)
    20171004 093136 Debug: Begin CAuthorisedFileList::LoadAuthorisedFileList (File: .\AuthorisedFileList.cpp, Line: 793)
    20171004 093136 Debug: End CAuthorisedFileList::LoadAuthorisedFileList (File: .\AuthorisedFileList.cpp, Line: 894)
    20171004 093136 Debug: End CAuthorisationListManager::BeginProcessing (File: .\AuthorisationListManager.cpp, Line: 127)
    20171004 093136 Debug: Begin CBackgroundScanFactory::ConfigureYourself (File: .\BackgroundScanFactory.cpp, Line: 56)
    20171004 093136 Debug: End CBackgroundScanFactory::ConfigureYourself (File: .\BackgroundScanFactory.cpp, Line: 73)
    20171004 093136 Debug: Begin CBackgroundScanFactory::BeginProcessing (File: .\BackgroundScanFactory.cpp, Line: 84)
    20171004 093136 Debug: End CBackgroundScanFactory::BeginProcessing (File: .\BackgroundScanFactory.cpp, Line: 100)
    20171004 093136 Debug: Begin BHOManager::ConfigureYourself (File: .\BHOManager.cpp, Line: 98)
    20171004 093136 Debug: End CTDEFactory::ConfigureYourself (File: .\TDEFactory.cpp, Line: 147)
    20171004 093136 Debug: End CScannableNodeFactory::ConfigureYourself (File: .\ScannableNodeFactory.cpp, Line: 184)
    20171004 093136 Debug: Begin ICManager::ConfigureYourself (File: .\ICManager-IManaged.cpp, Line: 79)
    20171004 093136 Debug: End CScannableDirItemFactory::ConfigureYourself (File: .\ScannableDirItemFactory.cpp, Line: 308)
    20171004 093136 Debug: Begin ConfigureYourself() (File: .\ScannableSectorFactory.cpp, Line: 73)
    20171004 093136 Debug: End ConfigureYourself() (File: .\ScannableSectorFactory.cpp, Line: 98)
    20171004 093136 Debug: Begin BeginProcessing() (File: .\ScannableSectorFactory.cpp, Line: 107)
    20171004 093136 Debug: End BeginProcessing() (File: .\ScannableSectorFactory.cpp, Line: 109)
    20171004 093136 Debug: Begin CVEManager::ConfigureYourself (File: .\VEManager.cpp, Line: 69)
    20171004 093136 Debug: End CVEManager::ConfigureYourself (File: .\VEManager.cpp, Line: 94)
    20171004 093136 Debug: Begin CVEManager::BeginProcessing (File: .\VEManager.cpp, Line: 141)
    20171004 093136 Debug: SupplementaryData::Load(): Begin Method (File: .\SupplementaryData.cpp, Line: 10)
    20171004 093136 Debug: BPAAdapterFactory::GetNewBPAAdapterInstance(): Begin Method (File: .\BPAAdapterFactory.cpp, Line: 12)
    20171004 093136 Debug: BPAAdapterFactory::GetNewBPAAdapterInstance(): Initialise failed for BPA proxy factory(0xa0040210) (File: .\BPAAdapterFactory.cpp, Line: 51)
    20171004 093136 Unable to load main virus data
    20171004 093136 Debug: End CVEManager::BeginProcessing (File: .\VEManager.cpp, Line: 205)
    20171004 093136 Debug: Begin ICManager::UpdateUseLocalChecksums (File: .\ICManager-IManaged.cpp, Line: 644)
    20171004 093136 Debug: Local checksums auto disabled. (File: .\ICManager-IManaged.cpp, Line: 675)
    20171004 093136 Debug: End ICManager::UpdateUseLocalChecksums (File: .\ICManager-IManaged.cpp, Line: 700)
    20171004 093136 Debug: Local checksum control initialised successfully. (File: .\ICManager-IManaged.cpp, Line: 344)
    20171004 093136 Debug: End ICManager::ConfigureYourself (File: .\ICManager-IManaged.cpp, Line: 495)
    20171004 093136 Debug: Begin ICManager::BeginProcessing (File: .\ICManager-IManaged.cpp, Line: 818)
    20171004 093136 Debug: Begin CTDEFactory::GetTDE (File: .\TDEFactory.cpp, Line: 50)
    20171004 093136 Debug: End CThreatDetectionEngine::SetLogSourceFactory (File: .\ThreatDetectionEngine.cpp, Line: 494)
    20171004 093136 Debug: Begin CThreatDetectionEngine::Configure (File: .\ThreatDetectionEngine.cpp, Line: 281)
    20171004 093136 Debug: Begin CThreatDetectionEngine::CloneClip (File: .\ThreatDetectionEngine.cpp, Line: 1199)
    20171004 093136 Debug: Begin CTDEFactory::GetFactory (File: .\TDEFactory.cpp, Line: 171)
    20171004 093136 Debug: End CTDEFactory::GetFactory (File: .\TDEFactory.cpp, Line: 204)
    20171004 093136 Debug: End CThreatDetectionEngine::CloneClip (File: .\ThreatDetectionEngine.cpp, Line: 1280)
    20171004 093136 Debug: Begin CThreatDetectionEngine::CreateAndConfigureProcessor (File: .\ThreatDetectionEngine.cpp, Line: 565)
    20171004 093136 Debug: Begin GetClipAttribute (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 144)
    20171004 093136 Debug: Begin GetANode (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 27)
    20171004 093136 Debug: End GetANode (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 64)
    20171004 093136 Debug: Begin GetNodeAttribute (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 74)
    20171004 093136 Debug: End GetNodeAttribute (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 93)
    20171004 093136 Debug: End GetClipAttribute (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 166)
    20171004 093136 Debug: SOCDecomposerFactory (File: .\ThreatDetectionEngine.cpp, Line: 610)
    20171004 093136 Debug: Begin CTDEFactory::GetFactory (File: .\TDEFactory.cpp, Line: 171)
    20171004 093136 Debug: End CSOCDecomposerFactory::ConfigureYourself (File: .\SOCDecomposerFactory.cpp, Line: 95)
    20171004 093136 Debug: Begin CSOCDecomposerFactory::BeginProcessing (File: .\SOCDecomposerFactory.cpp, Line: 110)
    20171004 093136 Debug: The Scannable Object Decomposer is ready to begin processing (File: .\SOCDecomposerFactory.cpp, Line: 117)
    20171004 093136 Debug: End CSOCDecomposerFactory::BeginProcessing (File: .\SOCDecomposerFactory.cpp, Line: 129)
    20171004 093136 Debug: End CTDEFactory::GetFactory (File: .\TDEFactory.cpp, Line: 204)
    20171004 093136 Debug: Begin CSOCDecomposerFactory::CreateProcessor (File: .\SOCDecomposerFactory.cpp, Line: 195)
    20171004 093136 Debug: End CSOCDecomposerFactory::CreateProcessor (File: .\SOCDecomposerFactory.cpp, Line: 251)
    20171004 093136 Debug: End CSOCDecomposer::SetLogSourceFactory (File: .\SOCDecomposer.cpp, Line: 382)
    20171004 093136 Debug: Begin IsClipEmpty (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 102)
    20171004 093136 Debug: End IsClipEmpty (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 134)
    20171004 093136 Debug: Begin CSOCDecomposer::SetConfig (File: .\SOCDecomposer.cpp, Line: 133)
    20171004 093136 Debug: End CSOCDecomposer::SetConfig (File: .\SOCDecomposer.cpp, Line: 153)
    20171004 093136 Debug: End CThreatDetectionEngine::CreateAndConfigureProcessor (File: .\ThreatDetectionEngine.cpp, Line: 687)
    20171004 093136 Debug: Begin CThreatDetectionEngine::GetProcessorData (File: .\ThreatDetectionEngine.cpp, Line: 700)
    20171004 093136 Debug: End CThreatDetectionEngine::GetProcessorData (File: .\ThreatDetectionEngine.cpp, Line: 729)
    20171004 093136 Debug: Begin CThreatDetectionEngine::CreateAndConfigureProcessor (File: .\ThreatDetectionEngine.cpp, Line: 565)
    20171004 093136 Debug: Begin GetClipAttribute (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 144)
    20171004 093136 Debug: Begin GetANode (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 27)
    20171004 093136 Debug: End GetANode (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 64)
    20171004 093136 Debug: Begin GetNodeAttribute (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 74)
    20171004 093136 Debug: End GetNodeAttribute (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 93)
    20171004 093136 Debug: End GetClipAttribute (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 166)
    20171004 093136 Debug: DriverOperationsFactory (File: .\ThreatDetectionEngine.cpp, Line: 610)
    20171004 093136 Debug: Begin CTDEFactory::GetFactory (File: .\TDEFactory.cpp, Line: 171)
    20171004 093136 Debug: Begin IManagedFullImpl<class CDriverFactoryGenerator<class CDriverOperations,103,&struct __s_GUID const _GUID_0ceb72a8_6b76_4ffb_adb4_d9d17c7bd63f>,&struct __s_GUID const _GUID_0ceb72a8_6b76_4ffb_adb4_d9d17c7bd63f,class ATL::CComAutoCriticalSection>::ConfigureYourself (File: c:\build\build\interchecksubsystem\modules\icprocessors\IManagedFullImpl.h, Line: 63)
    20171004 093136 Debug: End IManagedFullImpl<class CDriverFactoryGenerator<class CDriverOperations,103,&struct __s_GUID const _GUID_0ceb72a8_6b76_4ffb_adb4_d9d17c7bd63f>,&struct __s_GUID const _GUID_0ceb72a8_6b76_4ffb_adb4_d9d17c7bd63f,class ATL::CComAutoCriticalSection>::ConfigureYourself (File: c:\build\build\interchecksubsystem\modules\icprocessors\IManagedFullImpl.h, Line: 78)
    20171004 093136 Debug: Begin IManagedFullImpl<class CDriverFactoryGenerator<class CDriverOperations,103,&struct __s_GUID const _GUID_0ceb72a8_6b76_4ffb_adb4_d9d17c7bd63f>,&struct __s_GUID const _GUID_0ceb72a8_6b76_4ffb_adb4_d9d17c7bd63f,class ATL::CComAutoCriticalSection>::BeginProcessing (File: c:\build\build\interchecksubsystem\modules\icprocessors\IManagedFullImpl.h, Line: 98)
    20171004 093136 Debug: End IManagedFullImpl<class CDriverFactoryGenerator<class CDriverOperations,103,&struct __s_GUID const _GUID_0ceb72a8_6b76_4ffb_adb4_d9d17c7bd63f>,&struct __s_GUID const _GUID_0ceb72a8_6b76_4ffb_adb4_d9d17c7bd63f,class ATL::CComAutoCriticalSection>::BeginProcessing (File: c:\build\build\interchecksubsystem\modules\icprocessors\IManagedFullImpl.h, Line: 110)
    20171004 093136 Debug: End CTDEFactory::GetFactory (File: .\TDEFactory.cpp, Line: 204)
    20171004 093136 Debug: Begin IProcessorCreatorImpl<class CDriverFactoryGenerator<class CDriverOperations,103,&struct __s_GUID const _GUID_0ceb72a8_6b76_4ffb_adb4_d9d17c7bd63f>,class CDriverOperations>::CreateProcessor (File: c:\build\build\interchecksubsystem\modules\icprocessors\IProcessorCreatorImpl.h, Line: 57)
    20171004 093136 Debug: End IProcessorCreatorImpl<class CDriverFactoryGenerator<class CDriverOperations,103,&struct __s_GUID const _GUID_0ceb72a8_6b76_4ffb_adb4_d9d17c7bd63f>,class CDriverOperations>::CreateProcessor (File: c:\build\build\interchecksubsystem\modules\icprocessors\IProcessorCreatorImpl.h, Line: 106)
    20171004 093136 Debug: End IProcessorFullImpl<class CDriverProcessorGenerator<struct IControlOperations,102,&struct _GUID const CLSID_DriverOperations>,&struct _GUID const CLSID_DriverOperations,class ATL::CComAutoCriticalSection>::SetLogSourceFactory (File: c:\build\build\interchecksubsystem\modules\icprocessors\IProcessorFullImpl.h, Line: 143)
    20171004 093136 Debug: Begin IsClipEmpty (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 102)
    20171004 093136 Debug: End IsClipEmpty (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 134)
    20171004 093136 Debug: Begin IProcessorFullImpl<class CDriverProcessorGenerator<struct IControlOperations,102,&struct _GUID const CLSID_DriverOperations>,&struct _GUID const CLSID_DriverOperations,class ATL::CComAutoCriticalSection>::SetConfig (File: c:\build\build\interchecksubsystem\modules\icprocessors\IProcessorFullImpl.h, Line: 57)
    20171004 093136 Debug: End IProcessorFullImpl<class CDriverProcessorGenerator<struct IControlOperations,102,&struct _GUID const CLSID_DriverOperations>,&struct _GUID const CLSID_DriverOperations,class ATL::CComAutoCriticalSection>::SetConfig (File: c:\build\build\interchecksubsystem\modules\icprocessors\IProcessorFullImpl.h, Line: 76)
    20171004 093136 Debug: End CThreatDetectionEngine::CreateAndConfigureProcessor (File: .\ThreatDetectionEngine.cpp, Line: 687)
    20171004 093136 Debug: Begin CThreatDetectionEngine::GetProcessorData (File: .\ThreatDetectionEngine.cpp, Line: 700)
    20171004 093136 Debug: End CThreatDetectionEngine::GetProcessorData (File: .\ThreatDetectionEngine.cpp, Line: 729)
    20171004 093136 Debug: Begin CThreatDetectionEngine::CreateAndConfigureProcessor (File: .\ThreatDetectionEngine.cpp, Line: 565)
    20171004 093136 Debug: Begin GetClipAttribute (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 144)
    20171004 093136 Debug: Begin GetANode (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 27)
    20171004 093136 Debug: End GetANode (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 64)
    20171004 093136 Debug: Begin GetNodeAttribute (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 74)
    20171004 093136 Debug: End GetNodeAttribute (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 93)
    20171004 093136 Debug: End GetClipAttribute (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 166)
    20171004 093136 Debug: DriverExtensionsFactory (File: .\ThreatDetectionEngine.cpp, Line: 610)
    20171004 093136 Debug: Begin CTDEFactory::GetFactory (File: .\TDEFactory.cpp, Line: 171)
    20171004 093136 Debug: Begin IManagedFullImpl<class CDriverFactoryGenerator<class CDriverExtensions,105,&struct __s_GUID const _GUID_6f75e68a_ec54_427a_bf3f_936c2c22cfa8>,&struct __s_GUID const _GUID_6f75e68a_ec54_427a_bf3f_936c2c22cfa8,class ATL::CComAutoCriticalSection>::ConfigureYourself (File: c:\build\build\interchecksubsystem\modules\icprocessors\IManagedFullImpl.h, Line: 63)
    20171004 093136 Debug: End IManagedFullImpl<class CDriverFactoryGenerator<class CDriverExtensions,105,&struct __s_GUID const _GUID_6f75e68a_ec54_427a_bf3f_936c2c22cfa8>,&struct __s_GUID const _GUID_6f75e68a_ec54_427a_bf3f_936c2c22cfa8,class ATL::CComAutoCriticalSection>::ConfigureYourself (File: c:\build\build\interchecksubsystem\modules\icprocessors\IManagedFullImpl.h, Line: 78)
    20171004 093136 Debug: Begin IManagedFullImpl<class CDriverFactoryGenerator<class CDriverExtensions,105,&struct __s_GUID const _GUID_6f75e68a_ec54_427a_bf3f_936c2c22cfa8>,&struct __s_GUID const _GUID_6f75e68a_ec54_427a_bf3f_936c2c22cfa8,class ATL::CComAutoCriticalSection>::BeginProcessing (File: c:\build\build\interchecksubsystem\modules\icprocessors\IManagedFullImpl.h, Line: 98)
    20171004 093136 Debug: End IManagedFullImpl<class CDriverFactoryGenerator<class CDriverExtensions,105,&struct __s_GUID const _GUID_6f75e68a_ec54_427a_bf3f_936c2c22cfa8>,&struct __s_GUID const _GUID_6f75e68a_ec54_427a_bf3f_936c2c22cfa8,class ATL::CComAutoCriticalSection>::BeginProcessing (File: c:\build\build\interchecksubsystem\modules\icprocessors\IManagedFullImpl.h, Line: 110)
    20171004 093136 Debug: End CTDEFactory::GetFactory (File: .\TDEFactory.cpp, Line: 204)
    20171004 093136 Debug: Begin IProcessorCreatorImpl<class CDriverFactoryGenerator<class CDriverExtensions,105,&struct __s_GUID const _GUID_6f75e68a_ec54_427a_bf3f_936c2c22cfa8>,class CDriverExtensions>::CreateProcessor (File: c:\build\build\interchecksubsystem\modules\icprocessors\IProcessorCreatorImpl.h, Line: 57)
    20171004 093136 Debug: End IProcessorCreatorImpl<class CDriverFactoryGenerator<class CDriverExtensions,105,&struct __s_GUID const _GUID_6f75e68a_ec54_427a_bf3f_936c2c22cfa8>,class CDriverExtensions>::CreateProcessor (File: c:\build\build\interchecksubsystem\modules\icprocessors\IProcessorCreatorImpl.h, Line: 106)
    20171004 093136 Debug: End IProcessorFullImpl<class CDriverProcessorGenerator<struct IControlList,104,&struct _GUID const CLSID_DriverExtensions>,&struct _GUID const CLSID_DriverExtensions,class ATL::CComAutoCriticalSection>::SetLogSourceFactory (File: c:\build\build\interchecksubsystem\modules\icprocessors\IProcessorFullImpl.h, Line: 143)
    20171004 093136 Debug: Begin IsClipEmpty (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 102)
    20171004 093136 Debug: End IsClipEmpty (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 134)
    20171004 093136 Debug: Begin IProcessorFullImpl<class CDriverProcessorGenerator<struct IControlList,104,&struct _GUID const CLSID_DriverExtensions>,&struct _GUID const CLSID_DriverExtensions,class ATL::CComAutoCriticalSection>::SetConfig (File: c:\build\build\interchecksubsystem\modules\icprocessors\IProcessorFullImpl.h, Line: 57)
    20171004 093136 Debug: End IProcessorFullImpl<class CDriverProcessorGenerator<struct IControlList,104,&struct _GUID const CLSID_DriverExtensions>,&struct _GUID const CLSID_DriverExtensions,class ATL::CComAutoCriticalSection>::SetConfig (File: c:\build\build\interchecksubsystem\modules\icprocessors\IProcessorFullImpl.h, Line: 76)
    20171004 093136 Debug: End CThreatDetectionEngine::CreateAndConfigureProcessor (File: .\ThreatDetectionEngine.cpp, Line: 687)
    20171004 093136 Debug: Begin CThreatDetectionEngine::GetProcessorData (File: .\ThreatDetectionEngine.cpp, Line: 700)
    20171004 093136 Debug: End CThreatDetectionEngine::GetProcessorData (File: .\ThreatDetectionEngine.cpp, Line: 729)
    20171004 093136 Debug: Begin CThreatDetectionEngine::CreateAndConfigureProcessor (File: .\ThreatDetectionEngine.cpp, Line: 565)
    20171004 093136 Debug: Begin GetClipAttribute (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 144)
    20171004 093136 Debug: Begin GetANode (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 27)
    20171004 093136 Debug: End GetANode (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 64)
    20171004 093136 Debug: Begin GetNodeAttribute (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 74)
    20171004 093136 Debug: End GetNodeAttribute (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 93)
    20171004 093136 Debug: End GetClipAttribute (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 166)
    20171004 093136 Debug: FileExclusionsFactory (File: .\ThreatDetectionEngine.cpp, Line: 610)
    20171004 093136 Debug: Begin CTDEFactory::GetFactory (File: .\TDEFactory.cpp, Line: 171)
    20171004 093136 Debug: Begin IManagedFullImpl<class CDriverFactoryGenerator<class CFileExclusions,111,&struct __s_GUID const _GUID_d98db382_c36f_49cb_9927_013b9a4202af>,&struct __s_GUID const _GUID_d98db382_c36f_49cb_9927_013b9a4202af,class ATL::CComAutoCriticalSection>::ConfigureYourself (File: c:\build\build\interchecksubsystem\modules\icprocessors\IManagedFullImpl.h, Line: 63)
    20171004 093136 Debug: End IManagedFullImpl<class CDriverFactoryGenerator<class CFileExclusions,111,&struct __s_GUID const _GUID_d98db382_c36f_49cb_9927_013b9a4202af>,&struct __s_GUID const _GUID_d98db382_c36f_49cb_9927_013b9a4202af,class ATL::CComAutoCriticalSection>::ConfigureYourself (File: c:\build\build\interchecksubsystem\modules\icprocessors\IManagedFullImpl.h, Line: 78)
    20171004 093136 Debug: Begin IManagedFullImpl<class CDriverFactoryGenerator<class CFileExclusions,111,&struct __s_GUID const _GUID_d98db382_c36f_49cb_9927_013b9a4202af>,&struct __s_GUID const _GUID_d98db382_c36f_49cb_9927_013b9a4202af,class ATL::CComAutoCriticalSection>::BeginProcessing (File: c:\build\build\interchecksubsystem\modules\icprocessors\IManagedFullImpl.h, Line: 98)
    20171004 093136 Debug: End IManagedFullImpl<class CDriverFactoryGenerator<class CFileExclusions,111,&struct __s_GUID const _GUID_d98db382_c36f_49cb_9927_013b9a4202af>,&struct __s_GUID const _GUID_d98db382_c36f_49cb_9927_013b9a4202af,class ATL::CComAutoCriticalSection>::BeginProcessing (File: c:\build\build\interchecksubsystem\modules\icprocessors\IManagedFullImpl.h, Line: 110)
    20171004 093136 Debug: End CTDEFactory::GetFactory (File: .\TDEFactory.cpp, Line: 204)
    20171004 093136 Debug: Begin IProcessorCreatorImpl<class CDriverFactoryGenerator<class CFileExclusions,111,&struct __s_GUID const _GUID_d98db382_c36f_49cb_9927_013b9a4202af>,class CFileExclusions>::CreateProcessor (File: c:\build\build\interchecksubsystem\modules\icprocessors\IProcessorCreatorImpl.h, Line: 57)
    20171004 093136 Debug: End IProcessorCreatorImpl<class CDriverFactoryGenerator<class CFileExclusions,111,&struct __s_GUID const _GUID_d98db382_c36f_49cb_9927_013b9a4202af>,class CFileExclusions>::CreateProcessor (File: c:\build\build\interchecksubsystem\modules\icprocessors\IProcessorCreatorImpl.h, Line: 106)
    20171004 093136 Debug: End IProcessorFullImpl<class CDriverProcessorGenerator<struct IControlList,110,&struct _GUID const CLSID_FileExclusions>,&struct _GUID const CLSID_FileExclusions,class ATL::CComAutoCriticalSection>::SetLogSourceFactory (File: c:\build\build\interchecksubsystem\modules\icprocessors\IProcessorFullImpl.h, Line: 143)
    20171004 093136 Debug: Begin IsClipEmpty (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 102)
    20171004 093136 Debug: End IsClipEmpty (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 134)
    20171004 093136 Debug: Begin IProcessorFullImpl<class CDriverProcessorGenerator<struct IControlList,110,&struct _GUID const CLSID_FileExclusions>,&struct _GUID const CLSID_FileExclusions,class ATL::CComAutoCriticalSection>::SetConfig (File: c:\build\build\interchecksubsystem\modules\icprocessors\IProcessorFullImpl.h, Line: 57)
    20171004 093136 Debug: End IProcessorFullImpl<class CDriverProcessorGenerator<struct IControlList,110,&struct _GUID const CLSID_FileExclusions>,&struct _GUID const CLSID_FileExclusions,class ATL::CComAutoCriticalSection>::SetConfig (File: c:\build\build\interchecksubsystem\modules\icprocessors\IProcessorFullImpl.h, Line: 76)
    20171004 093136 Debug: End CThreatDetectionEngine::CreateAndConfigureProcessor (File: .\ThreatDetectionEngine.cpp, Line: 687)
    20171004 093136 Debug: Begin CThreatDetectionEngine::GetProcessorData (File: .\ThreatDetectionEngine.cpp, Line: 700)
    20171004 093136 Debug: End CThreatDetectionEngine::GetProcessorData (File: .\ThreatDetectionEngine.cpp, Line: 729)
    20171004 093136 Debug: Begin CThreatDetectionEngine::CreateAndConfigureProcessor (File: .\ThreatDetectionEngine.cpp, Line: 565)
    20171004 093136 Debug: Begin GetClipAttribute (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 144)
    20171004 093136 Debug: Begin GetANode (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 27)
    20171004 093136 Debug: End GetANode (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 64)
    20171004 093136 Debug: Begin GetNodeAttribute (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 74)
    20171004 093136 Debug: End GetNodeAttribute (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 93)

  • It would be interesting to see a working 2003 server log with this level of logging from service startup for reference, but I assume the error in red is the problem:

    20171004 093136 Debug: BPAAdapterFactory::GetNewBPAAdapterInstance(): Begin Method (File: .\BPAAdapterFactory.cpp, Line: 12)
    20171004 093136 Debug: BPAAdapterFactory::GetNewBPAAdapterInstance(): Initialise failed for BPA proxy factory(0xa0040210) (File: .\BPAAdapterFactory.cpp, Line: 51)
    20171004 093136 Unable to load main virus data

    The next line following it is the line you see in SAV.txt under regular logging, i.e. "Unable to load main virus data".

    Is:

    20171004 093136 Debug: Begin ConfigureYourself() (File: .\PUAThreatComponentFactory.cpp, Line: 20)

    really the first line in the log when starting the service?

    Is the error I mention the first one since the start of the service and before the line "Unable to load main virus data"?

    Regards,

    Jak
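
A triage sketch for the questions raised in the reply above, added here as an example (not part of any poster's message and not Sophos tooling): it parses the log line format shown in the excerpts, reports the first logged line, lists every "failed" entry carrying a hex status code before "Unable to load main virus data", and shows which Begin scopes were still open at that point. The function names and the order of the sample lines are assumptions.

```python
import re

# Format seen in the thread's excerpts:
#   YYYYMMDD HHMMSS [Debug: ]message[ (File: path, Line: N)]
LINE_RE = re.compile(
    r"^\s*(?P<stamp>\d{8} \d{6}) (?P<debug>Debug: )?(?P<msg>.*?)"
    r"(?: \(File: (?P<file>.+), Line: (?P<line>\d+)\))?\s*$")
# A failure message carrying an 8-digit hex status code in parentheses.
FAIL_RE = re.compile(r"\bfailed\b.*\((0x[0-9a-fA-F]{8})\)", re.I)
# Scope markers: "Begin X" / "End X", or "X: Begin Method" / "X: End Method".
SCOPE_RE = re.compile(r"^(?:(Begin|End) (.+)|(.+?): (Begin|End) Method)$")

def parse(text):
    """Yield (line_no, msg, file, line) for every well-formed log line."""
    for no, raw in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(raw)
        if m:
            yield no, m["msg"], m["file"], m["line"]

def triage(text, symptom="Unable to load main virus data"):
    """Summarise what the log shows up to the first occurrence of symptom."""
    first, failures, open_scopes = None, [], []
    for no, msg, src, src_line in parse(text):
        if first is None:
            first = msg  # answers "is this really the first line?"
        if msg == symptom:
            return {"first": first, "failures": failures,
                    "open": open_scopes, "symptom_line": no}
        f = FAIL_RE.search(msg)
        if f:
            failures.append((no, f.group(1), src, src_line))
        s = SCOPE_RE.match(msg)
        if s:
            kind, name = (s[1], s[2]) if s[1] else (s[4], s[3])
            if kind == "Begin":
                open_scopes.append(name)
            elif name in open_scopes:
                open_scopes.remove(name)
    return {"first": first, "failures": failures,
            "open": open_scopes, "symptom_line": None}

# Lines quoted in the thread; their relative order here is an assumption.
SAMPLE = r"""
20171004 093136 Debug: Begin ConfigureYourself() (File: .\PUAThreatComponentFactory.cpp, Line: 20)
20171004 093136 Debug: BPAAdapterFactory::GetNewBPAAdapterInstance(): Begin Method (File: .\BPAAdapterFactory.cpp, Line: 12)
20171004 093136 Debug: BPAAdapterFactory::GetNewBPAAdapterInstance(): Initialise failed for BPA proxy factory(0xa0040210) (File: .\BPAAdapterFactory.cpp, Line: 51)
20171004 093136 Unable to load main virus data
""".strip()

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Run against a full SAV.txt captured from service start, an empty `failures` list before the symptom line would mean the cause was logged without a status code or lies outside the captured window.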