Installation fails withour Error or Gui

Hi, ime trying to install Sophos Endpoint for the first Time on a pretty fresh Installation of Win 10 1809.

The installation fails within a Second without showing the Gui or an Proper Error in the Logs

There is not Firewall or other AV installed.


Here is the Log and a Record of Proccess Monitor in multiply Formats showing everything the installer exe did >

  • Please copy paste the Cloud installer logs from the following location in this thread


  • In reply to AJ Singh:

    Allready did so?

  • In reply to Playa Mizusy:

    Apologies, I didn't noticed that you have uploaded the cloud installer logs as well. 

    I checked the logs and it seems like endpoint is failing to connect to sophos servers

    Please whitelist sophos domains as per below KB article

    Also, for testing perspective, Please connect your endpoint to mobile hotspot and trying running the installer again

  • In reply to AJ Singh:

    There are no Firewalls, UTMs or other mechanism that could interrupt the connection to the Servers. Ime only using the Cloudflare DNS but that shouldent be the Problem.

    To be sure i tried it with a Mobile Hotspot (no vpns, proxys and stuff there aswell) but the Log showed exactly the same.

    I cant imagine the Source of this Problem, the installer is Freshly downloaded from the Central.

    For a test i even downloaded the Stage 2 installer manually to be sure that works.

  • In reply to Playa Mizusy:


    Ensure that you have installed all of the current Windows updates on this server.

    Another thing to check, as the new installer checks for certs:
    Open up mmc > File > Add Snap-in > Certificates > Computer account > OK.. OK... OK..
    Expand certificates > Trusted Root Certification Authorities and compare with a machine that does install.  Add any certs that are missing.

    Once added, try installing again.

  • In reply to DianneY:

    >Up to Date

    >Imported all Certs from the other PC

    Dident work, everything is the same.

    To be sure i deleted every File and Reg Entry containing "Sophos", but that dident help.


    BTW, its an Desktop not a Server

  • In reply to Playa Mizusy:


    Send us the newest CloudInstaller log, maybe something has changed in it since the last change you have made?

    EDIT: Also check to see if UAC is set to HIGH. I've seen that that was the issue a couple of times.



  • In reply to DianneY:


    UAC is set to the lowest Value.

    Here is the Log, the last Lines seem identical

    2019-06-12T19:21:57.3374465Z INFO : Stage 1 command-line options:
    2019-06-12T19:21:57.3374465Z INFO : ---
    2019-06-12T19:21:57.3374465Z INFO : Quiet mode on: 0
    2019-06-12T19:21:57.3374465Z INFO : Automatic Proxy detection disabled: 0
    2019-06-12T19:21:57.3374465Z INFO : No feedback mode on: 0
    2019-06-12T19:21:57.3374465Z INFO : Dump feedback enabled: 0
    2019-06-12T19:21:57.3374465Z INFO : Bypass competitor removal: 0
    2019-06-12T19:21:57.3384449Z INFO : Using CRT catalog file path: --
    2019-06-12T19:21:57.3384449Z INFO : Only register endpoint with Central: 0
    2019-06-12T19:21:57.3394445Z INFO : Log messages between endpoint and Central: 0
    2019-06-12T19:21:57.3394445Z INFO : Log command-line passed to executables: 0
    2019-06-12T19:21:57.3394445Z INFO : Using custom server: --
    2019-06-12T19:21:57.3394445Z INFO : Using custom stage 2 filename: --
    2019-06-12T19:21:57.3394445Z INFO : Using cloud user: --
    2019-06-12T19:21:57.3394445Z INFO : Using cloud group: --
    2019-06-12T19:21:57.3394445Z INFO : Overriding computer name: --
    2019-06-12T19:21:57.3394445Z INFO : Overriding computer description: --
    2019-06-12T19:21:57.3394445Z INFO : Overriding domain name: --
    2019-06-12T19:21:57.3394445Z INFO : Language will be set to: --
    2019-06-12T19:21:57.3394445Z INFO : Using message relays: --
    2019-06-12T19:21:57.3404434Z INFO : Proxy address: --
    2019-06-12T19:21:57.3404434Z INFO : Proxy user name: --
    2019-06-12T19:21:57.3404434Z INFO : Using custom customer token: --
    2019-06-12T19:21:57.3404434Z INFO : Using specified products: --
    2019-06-12T19:21:57.3404434Z INFO : Using certificates from the MCS app data folder: 0
    2019-06-12T19:21:57.3404434Z INFO : ---
    2019-06-12T19:21:57.3464405Z INFO : Sending HTTP 'GET' request to: full/central/windows/business/installer/latest.tar.gz
    2019-06-12T19:21:57.3504365Z WARNING : WinHttpGetProxyForUrl returned: 12180
    2019-06-12T19:21:57.3504365Z INFO : Attempting to connect using proxy '' of type 'Empty Proxy'.
    2019-06-12T19:21:57.3514369Z INFO : Set security protocol: 00000800
    2019-06-12T19:21:57.3514369Z INFO : Opening connection to
    2019-06-12T19:21:57.3514369Z INFO : Request content size: 0


    Just an Idea, can i maybe run the Stage 2 Installer without the Stage 1 Installer?

    Downloading from works fine in my Bowser, just the installer seems to fail

  • In reply to Playa Mizusy:


    That's probably not recommended since Stage 1 also gets information like Management Communications System (MCS) server instance it connects to, a registration token and where to get the stage 2 installer. You might want to check Application Event Logs to see if there are any crashes logged there. Please raise a Support case to have this issue reviewed further, and be ready to provide SDU logs (after gathering all requested logs), a Process Monitor Log (All Events, saved as PML), and possibly a Wireshark capture while running the installation.