i have 4-5 windows 7 pro machines with the following error after migrating to sophos central.
Failed to install savxp: 80041f19.
some of the services are not installed at all.
only the following are installed with green ticks.
is it due to existing AV software on the machines.
i tried on one machine to uninstall everything and then re-install but it still fails to install completely
this is the last action of avremove.log file
Sophos Anti-Virus software detector - Version 2.14.0.28
Copyright (C) 2003-2018 Sophos Limited. All rights reserved.
Running OS: Microsoft Windows 7 Service Pack 1 [Version 6.01.7601]
Removing detected products...
AVRemove finished. 1 product found, 0 products removed. Report logged to : C:\windows\TEMP\avremove.log
26 Jul 2018 20:36:58 Info: ==============================================
26 Jul 2018 20:36:58 Info: Running OS: Microsoft Windows 7 Service Pack 1 [Version 6.01.7601]
26 Jul 2018 20:36:58 Info: Current Competitor Removal Tool Settings
26 Jul 2018 20:36:58 Info: Product Version: Version 2.14.0.28
26 Jul 2018 20:36:58 Info: Using Product Catalog: Default
26 Jul 2018 20:36:58 Info: Run On Servers: True
26 Jul 2018 20:36:58 Info: Detection Only: False
26 Jul 2018 20:36:58 Info: Remove Anti-Virus: True
26 Jul 2018 20:36:58 Info: Remove Product Suites: True
26 Jul 2018 20:36:58 Info: Remove Firewalls: True
26 Jul 2018 20:36:58 Info: Remove Update Tools: False
26 Jul 2018 20:36:58 Info: Log Tracing: False
26 Jul 2018 20:36:58 Info: Log to C:\windows\TEMP\avremove.log
26 Jul 2018 20:36:58 Info: Default system language: en_SG
26 Jul 2018 20:36:58 Info: Default character encoding: cp1252
26 Jul 2018 20:36:58 Info: Operating system is 64-bit: True
26 Jul 2018 20:36:58 Info: Detected Microsoft Security Client version 4.5.x, 4.8.0204.0
26 Jul 2018 20:36:58 Info: ==============================================
26 Jul 2018 20:36:58 Info: Removing detected products...
26 Jul 2018 20:36:58 Info: Starting removal of Microsoft Security Client version 4.5.x, 4.8.0204.0
26 Jul 2018 20:36:58 Info: Creating new process C:\Windows\system32\\MsiExec.exe /X {D9FCBAAE-DB72-488B-96D0-0AA3C892C0D6} /q REBOOT=ReallySuppress
26 Jul 2018 20:40:54 Info: Removal process ended normally: exit code 1603
26 Jul 2018 20:40:54 Failure: Removal of Microsoft Security Client version 4.5.x, 4.8.0204.0 failed
26 Jul 2018 20:40:54 Failure: Return code 1603
26 Jul 2018 20:40:54 Info: Competitor Removal Tool exit code 16
26 Jul 2018 20:40:54 Info: AVRemove finished. 1 product found, 0 products removed. Report logged to : C:\windows\TEMP\avremove.log
Sophos Anti-Virus software detector - Version 2.14.0.28
Copyright (C) 2003-2018 Sophos Limited. All rights reserved.
Running OS: Microsoft Windows 7 Service Pack 1 [Version 6.01.7601]
Removing detected products...
AVRemove finished. 1 product found, 0 products removed. Report logged to : C:\windows\TEMP\avremove.log
This is the fatal error:
MSI (s) (90:E4) [09:40:06:662]: Invoking remote custom action. DLL: C:\windows\Installer\MSI925F.tmp, Entrypoint: MpUninstallDriver
WIXFXCA: MpUninstallDriver: INFO: MpDrvInst - uninstallation begin.
WIXFXCA: MpUninstallDriver: INFO: Driver package located at c:\Program Files\Microsoft Security Client\Drivers\mpfilter\
WIXFXCA: MpUninstallDriver: INFO: Driver service name is mpfilter
WIXFXCA: MpUninstallDriver: ERROR: HrControlService failed, code 0x8007041b
WIXFXCA: MpUninstallDriver: ERROR: Timeout waiting for driver mpfilter to stop.
WIXFXCA: MpUninstallDriver: ERROR: StopAndDeleteService failed, code 0x800705b4
WIXFXCA: MpUninstallDriver: ERROR: SetupCommon::UninstallMiniFilter failed, code 0x800705b4
WIXFXCA: MpUninstallDriver: ERROR: HrMpUninstallMinifilter failed, code 0x800705b4
WIXFXCA: MpUninstallDriver: INFO: MpDrvInst - uninstallation end.
WIXFXCA: MpUninstallDriver: ERROR: MpUninstallDriver failed, code 0x800705b4
CustomAction UninstallMpFilterDriver returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
I don't have this software to check, but I assume this is a a file system mini filter.
0x8007041b (WIN32: 1051 ERROR_DEPENDENT_SERVICES_RUNNING) -- 2147943451 (-2147023845)
0x800705b4 (WIN32: 1460 ERROR_TIMEOUT) -- 2147943860 (-2147023436)
Maybe have a Google for others where this MpUninstallDriver Custom Action has failed with similar error codes.
Regards,
Jak
Well the issue is with the uninstall of the other product. You might be able to "hide" its presence from the Sophos installer.
Where it say:
26 Jul 2018 20:36:58 Info: Operating system is 64-bit: True
26 Jul 2018 20:36:58 Info: Detected Microsoft Security Client version 4.5.x, 4.8.0204.0
presumably it's looking in the registry under:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
or
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall
for the product "Microsoft Security Client" if you can find it, you could rename the registry key to hide it and then attempt a re-install.
A Process Monitor would reveal what is being found.
Regards,
Jak
Looking in:
C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\crt\data.zip\ProductCatalog.xml
I see:
<subproduct Version="4.5.x, 4.8.0204.0" DisplayName="Microsoft Security Client" KeyName="{D9FCBAAE-DB72-488B-96D0-0AA3C892C0D6}" ProductClass="av" PostRemoveScript="MSSSPostRemove.xml"/>
Do you have:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\D9FCBAAE-DB72-488B-96D0-0AA3C892C0D6}
or
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\D9FCBAAE-DB72-488B-96D0-0AA3C892C0D6}
Otherwise, I would run Process Monitor to work out what is being found.
Regards,
Jak
