Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 10 replies
  • Answers 1 answer
  • Subscribers 5 subscribers
  • Views 45544 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Failed to uninstall Sophos AV

Recruit1

Hello.

I need to uninstall Sophos endpoint from Win7Pro 64bit PC.

I logged-in PC with local Administrator accout and uninstalled these components from control panel without problem.

-Network Threat protection

-System Protection

Removal error happned when I tried to uninstall Sophos Anti-virus.

I took a log by using command line, but can't see what is the problem is.

--------------------------------------------------

MSI (s) (A4:A8) [08:26:13:901]: Note: 1: 1725

MSI (s) (A4:A8) [08:26:13:901]: Transforming table Error.

MSI (s) (A4:A8) [08:26:13:901]: Transforming table Error.

MSI (s) (A4:A8) [08:26:13:901]: Product: Sophos Anti-Virus -- Removal failed.

MSI (s) (A4:A8) [08:26:13:901]: Product: Sophos Anti-Virus、ProductVersion: 10.7.2.49、: 1033、: Sophos Limited、Error: 1603

MSI (s) (A4:A8) [08:26:13:901]: Deferring clean up of packages/files, if any exist

MSI (s) (A4:A8) [08:26:13:901]: MainEngineThread is returning 1603

MSI (s) (A4:B0) [08:26:13:901]: No System Restore sequence number for this installation.

=== Log End : 2017/12/14  8:26:13 ===

MSI (s) (A4:B0) [08:26:13:901]: User policy value 'DisableRollback' is 0

MSI (s) (A4:B0) [08:26:13:901]: Machine policy value 'DisableRollback' is 0

MSI (s) (A4:B0) [08:26:13:901]: Incrementing counter to disable shutdown. Counter after increment: 0

MSI (s) (A4:B0) [08:26:13:901]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2

MSI (s) (A4:B0) [08:26:13:901]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2

MSI (s) (A4:B0) [08:26:13:901]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied.  Counter after decrement: -1

MSI (s) (A4:B0) [08:26:13:901]: Restoring environment variables

MSI (s) (A4:B0) [08:26:13:901]: Destroying RemoteAPI object.

MSI (s) (A4:68) [08:26:13:916]: Custom Action Manager thread ending.

MSI (c) (18:F8) [08:26:13:916]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied.  Counter after decrement: -1

MSI (c) (18:F8) [08:26:13:916]: MainEngineThread is returning 1603

=== Verbose logging stopped: 2017/12/14  8:26:13 ===

Any ideas?

Thank you.



This thread was automatically locked due to age.
Parents
  • 0

    Hello Recruit1,

    the messages "near the end" of an MSI log are essentially a summary. The actual error is further up, somewhere in the lines above one that contains Return Value 3.

    Christian

  • 0 in reply to QC

    Dear QC.

    Thank you for reply.

    I found Return value 3 and it seems that MSinstaller has  a problem.

    It will be appreciated if you take a look.

    MSI (s) (A4:CC) [08:26:03:667]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIF91D.tmp, Entrypoint: RemoveSAVI
    MSI (s) (A4:A8) [08:26:03:683]: Executing op: ActionStart(Name=UninstallDriverFiles64Vista,,)
    MSI (s) (A4:A8) [08:26:03:683]: Executing op: CustomActionSchedule(Action=UninstallDriverFiles64Vista,ActionType=1058,Source=C:\Windows\SysWOW64\,Target="C:\Program Files (x86)\Sophos\Sophos Anti-Virus\NATIVE.EXE" /lhu "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVONACCESSDRIV.INF",)
    MSI (s) (A4:A8) [08:26:03:792]: Note: 1: 1722 2: UninstallDriverFiles64Vista 3: C:\Windows\SysWOW64\ 4: "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\NATIVE.EXE" /lhu "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVONACCESSDRIV.INF"
    MSI (s) (A4:A8) [08:26:03:792]: Transforming table Error.

    CustomAction UninstallDriverFiles64Vista returned actual error code -1071 (note this may not be 100% accurate if translation happened inside sandbox)
    MSI (s) (A4:A8) [08:26:03:792]: Transforming table Error.

    MSI (s) (A4:A8) [08:26:03:792]: Product: Sophos Anti-Virus -- error 1722 There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor.  Action UninstallDriverFiles64Vista, location: C:\Windows\SysWOW64\, command: "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\NATIVE.EXE" /lhu "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVONACCESSDRIV.INF"

    Error 1722 There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor.  Action UninstallDriverFiles64Vista, location: C:\Windows\SysWOW64\, command: "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\NATIVE.EXE" /lhu "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVONACCESSDRIV.INF"
    MSI (s) (A4:A8) [08:26:03:792]: User policy value 'DisableRollback' is 0
    MSI (s) (A4:A8) [08:26:03:792]: Machine policy value 'DisableRollback' is 0
    End of action 8:26:03: InstallFinalize。Return value 3
    MSI (s) (A4:A8) [08:26:03:823]: Executing op: Header(Signature=1397708873,Version=500,Timestamp=1267614529,LangId=1041,Platform=0,ScriptType=2,ScriptMajorVersion=21,ScriptMinorVersion=4,ScriptAttributes=1)
    MSI (s) (A4:A8) [08:26:03:823]: Executing op: DialogInfo(Type=0,Argument=1041)
    MSI (s) (A4:A8) [08:26:03:823]: Executing op: DialogInfo(Type=1,Argument=Sophos Anti-Virus)
    MSI (s) (A4:A8) [08:26:03:823]: Executing op: RollbackInfo(,RollbackAction=Rollback,RollbackDescription=:,RollbackTemplate=[1],CleanupAction=RollbackCleanup,CleanupDescription=Deleting backup,CleanupTemplate=File: [1])
    MSI (s) (A4:A8) [08:26:03:823]: Executing op: RegisterBackupFile(File=C:\Config.Msi\17d0e9.rbf)
    MSI (s) (A4:A8) [08:26:03:823]: Executing op: RegisterBackupFile(File=C:\Config.Msi\17d0ea.rbf)
    MSI (s) (A4:A8) [08:26:03:823]: Executing op: ActionStart(Name=UninstallDriverFiles64Vista,,)
    MSI (s) (A4:A8) [08:26:03:823]: Executing op: ProductInfo(ProductKey={8669D19F-7702-46AF-A6CA-61C32E369B18},ProductName=Sophos Anti-Virus,PackageName=Sophos Anti-Virus.msi,Language=1041,Version=168230914,Assignment=1,ObsoleteArg=0,ProductIcon=ARPPRODUCTICON.exe,,PackageCode={B11B63E0-A3EB-478A-AF04-AAE0B577AEB2},,,InstanceType=0,LUASetting=0,RemoteURTInstalls=0,ProductDeploymentFlags=3)
    MSI (s) (A4:A8) [08:26:03:823]: Executing op: ActionStart(Name=RemoveSAVI,,)
    MSI (s) (A4:A8) [08:26:03:823]: Executing op: ActionStart(Name=RemoveShortcuts,Description=Deleting shortcut,Template=shortcut: [1])
    MSI (s) (A4:A8) [08:26:03:823]: Executing op: SetTargetFolder(Folder=23\Sophos\Sophos Endpoint Security and Control\)
    MSI (s) (A4:A8) [08:26:03:823]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
    MSI (s) (A4:A8) [08:26:03:823]: Executing op: SetTargetFolder(Folder=23\Sophos\Sophos Endpoint Security and Control\)
    MSI (s) (A4:A8) [08:26:03:823]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
    MSI (s) (A4:A8) [08:26:03:823]: Executing op: FileCopy(SourceName=C:\Config.Msi\17d0ea.rbf,,DestName=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos\Sophos Endpoint Security and Control\www.sophos.co.jp .lnk,Attributes=32,FileSize=0,PerTick=0,,VerifyMedia=0,ElevateFlags=3,,,,,,,InstallMode=4194304,,,,,,,)
    MSI (s) (A4:A8) [08:26:03:823]: File: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos\Sophos Endpoint Security and Control\www.sophos.co.jp.lnk; To be installed; Won't patch; No existing file
    MSI (s) (A4:A8) [08:26:03:839]: Executing op: FileRemove(,FileName=C:\Config.Msi\17d0ea.rbf,Elevate=1,)
    MSI (s) (A4:A8) [08:26:03:839]: Note: 1: 2318 2: 
    MSI (s) (A4:A8) [08:26:03:839]: Executing op: FileCopy(SourceName=C:\Config.Msi\17d0e9.rbf,,DestName=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos\Sophos Endpoint Security and Control\Sophos Endpoint Security and Control.lnk,Attributes=32,FileSize=0,PerTick=0,,VerifyMedia=0,ElevateFlags=3,,,,,,,InstallMode=4194304,,,,,,,)

Reply
  • 0 in reply to QC

    Dear QC.

    Thank you for reply.

    I found Return value 3 and it seems that MSinstaller has  a problem.

    It will be appreciated if you take a look.

    MSI (s) (A4:CC) [08:26:03:667]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIF91D.tmp, Entrypoint: RemoveSAVI
    MSI (s) (A4:A8) [08:26:03:683]: Executing op: ActionStart(Name=UninstallDriverFiles64Vista,,)
    MSI (s) (A4:A8) [08:26:03:683]: Executing op: CustomActionSchedule(Action=UninstallDriverFiles64Vista,ActionType=1058,Source=C:\Windows\SysWOW64\,Target="C:\Program Files (x86)\Sophos\Sophos Anti-Virus\NATIVE.EXE" /lhu "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVONACCESSDRIV.INF",)
    MSI (s) (A4:A8) [08:26:03:792]: Note: 1: 1722 2: UninstallDriverFiles64Vista 3: C:\Windows\SysWOW64\ 4: "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\NATIVE.EXE" /lhu "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVONACCESSDRIV.INF"
    MSI (s) (A4:A8) [08:26:03:792]: Transforming table Error.

    CustomAction UninstallDriverFiles64Vista returned actual error code -1071 (note this may not be 100% accurate if translation happened inside sandbox)
    MSI (s) (A4:A8) [08:26:03:792]: Transforming table Error.

    MSI (s) (A4:A8) [08:26:03:792]: Product: Sophos Anti-Virus -- error 1722 There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor.  Action UninstallDriverFiles64Vista, location: C:\Windows\SysWOW64\, command: "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\NATIVE.EXE" /lhu "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVONACCESSDRIV.INF"

    Error 1722 There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor.  Action UninstallDriverFiles64Vista, location: C:\Windows\SysWOW64\, command: "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\NATIVE.EXE" /lhu "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVONACCESSDRIV.INF"
    MSI (s) (A4:A8) [08:26:03:792]: User policy value 'DisableRollback' is 0
    MSI (s) (A4:A8) [08:26:03:792]: Machine policy value 'DisableRollback' is 0
    End of action 8:26:03: InstallFinalize。Return value 3
    MSI (s) (A4:A8) [08:26:03:823]: Executing op: Header(Signature=1397708873,Version=500,Timestamp=1267614529,LangId=1041,Platform=0,ScriptType=2,ScriptMajorVersion=21,ScriptMinorVersion=4,ScriptAttributes=1)
    MSI (s) (A4:A8) [08:26:03:823]: Executing op: DialogInfo(Type=0,Argument=1041)
    MSI (s) (A4:A8) [08:26:03:823]: Executing op: DialogInfo(Type=1,Argument=Sophos Anti-Virus)
    MSI (s) (A4:A8) [08:26:03:823]: Executing op: RollbackInfo(,RollbackAction=Rollback,RollbackDescription=:,RollbackTemplate=[1],CleanupAction=RollbackCleanup,CleanupDescription=Deleting backup,CleanupTemplate=File: [1])
    MSI (s) (A4:A8) [08:26:03:823]: Executing op: RegisterBackupFile(File=C:\Config.Msi\17d0e9.rbf)
    MSI (s) (A4:A8) [08:26:03:823]: Executing op: RegisterBackupFile(File=C:\Config.Msi\17d0ea.rbf)
    MSI (s) (A4:A8) [08:26:03:823]: Executing op: ActionStart(Name=UninstallDriverFiles64Vista,,)
    MSI (s) (A4:A8) [08:26:03:823]: Executing op: ProductInfo(ProductKey={8669D19F-7702-46AF-A6CA-61C32E369B18},ProductName=Sophos Anti-Virus,PackageName=Sophos Anti-Virus.msi,Language=1041,Version=168230914,Assignment=1,ObsoleteArg=0,ProductIcon=ARPPRODUCTICON.exe,,PackageCode={B11B63E0-A3EB-478A-AF04-AAE0B577AEB2},,,InstanceType=0,LUASetting=0,RemoteURTInstalls=0,ProductDeploymentFlags=3)
    MSI (s) (A4:A8) [08:26:03:823]: Executing op: ActionStart(Name=RemoveSAVI,,)
    MSI (s) (A4:A8) [08:26:03:823]: Executing op: ActionStart(Name=RemoveShortcuts,Description=Deleting shortcut,Template=shortcut: [1])
    MSI (s) (A4:A8) [08:26:03:823]: Executing op: SetTargetFolder(Folder=23\Sophos\Sophos Endpoint Security and Control\)
    MSI (s) (A4:A8) [08:26:03:823]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
    MSI (s) (A4:A8) [08:26:03:823]: Executing op: SetTargetFolder(Folder=23\Sophos\Sophos Endpoint Security and Control\)
    MSI (s) (A4:A8) [08:26:03:823]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
    MSI (s) (A4:A8) [08:26:03:823]: Executing op: FileCopy(SourceName=C:\Config.Msi\17d0ea.rbf,,DestName=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos\Sophos Endpoint Security and Control\www.sophos.co.jp .lnk,Attributes=32,FileSize=0,PerTick=0,,VerifyMedia=0,ElevateFlags=3,,,,,,,InstallMode=4194304,,,,,,,)
    MSI (s) (A4:A8) [08:26:03:823]: File: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos\Sophos Endpoint Security and Control\www.sophos.co.jp.lnk; To be installed; Won't patch; No existing file
    MSI (s) (A4:A8) [08:26:03:839]: Executing op: FileRemove(,FileName=C:\Config.Msi\17d0ea.rbf,Elevate=1,)
    MSI (s) (A4:A8) [08:26:03:839]: Note: 1: 2318 2: 
    MSI (s) (A4:A8) [08:26:03:839]: Executing op: FileCopy(SourceName=C:\Config.Msi\17d0e9.rbf,,DestName=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos\Sophos Endpoint Security and Control\Sophos Endpoint Security and Control.lnk,Attributes=32,FileSize=0,PerTick=0,,VerifyMedia=0,ElevateFlags=3,,,,,,,InstallMode=4194304,,,,,,,)

Children
  • 0 in reply to Recruit1

    Hello ,

    apparently the driver uninstall fails - this is likely due to missing files (can't say how they disappeared though) and can most of the time be resolved by copying the files from the cache to the expected location, copy also the SophosBootDriver.inf as it's likely missing as well.

    Christian

  • 0 in reply to QC

    Hello Christian

    Thank you very much for your reply.

     

    I checked folder construction.

    C:\programdata\sophos\autoupdate\cache\savxp is empty and

    savonaccessdriv.inf and sophosbootdriver.inf are existing in

    c:\program files(x86)\sophos\sophos anti-virus .

    it seems that needed files are existing in the appropriate folder.

    Thank you.

    Recruit 1

     

  • 0 in reply to Recruit1

    Hello Recruit1,

    that needed files are existing
    but it still fails? Is there a CustomActions log from the same time as the Uninstall log?

    Christian

  • 0 in reply to QC

    Hello Christian

    Here it is whole of CustomActions log.

    2017-03-14 16:03:54 CheckUserIsSophosAdmin: Action started
    2017-03-14 16:03:54 CheckUserIsSophosAdmin: Action succeeded
    2017-03-14 16:04:21 CheckUserIsSophosAdmin: Action started
    2017-03-14 16:04:21 CheckUserIsSophosAdmin: Action succeeded
    2017-12-13 12:12:12 CheckUserIsSophosAdmin: Action started
    2017-12-13 12:12:12 CheckUserIsSophosAdmin: Action succeeded
    2017-12-13 12:12:12 CheckForSophosClientFirewall: Action started
    2017-12-13 12:12:12 CheckForSophosClientFirewall: Action succeeded
    2017-12-13 12:12:15 SetClassFilterPresentProperty: Action started
    2017-12-13 12:12:15 SetClassFilterPresentProperty: Setting class filter present property to: 1
    2017-12-13 12:12:15 SetClassFilterPresentProperty: Action succeeded
    2017-12-13 12:12:15 SetProcessorProperties: Action started
    2017-12-13 12:12:15 SetProcessorProperties: Action succeeded
    2017-12-13 12:12:15 SetRestoreExcludedProcessesProperty: Action started
    2017-12-13 12:12:15 SetRestoreExcludedProcessesProperty: SetRestoreExcludedProcessesProperty
    2017-12-13 12:12:15 SetRestoreExcludedProcessesProperty: PROCESSOR_ARCHITECTURE environment variable is: AMD64
    2017-12-13 12:12:15 SetRestoreExcludedProcessesProperty: Action succeeded
    2017-12-13 12:12:21 CheckRegForNullDACLs: Action started
    2017-12-13 12:12:21 CheckRegForNullDACLs: Action succeeded
    2017-12-13 12:12:21 CloseSavMainWindow: Action started
    2017-12-13 12:12:21 CloseSavMainWindow: Action succeeded
    2017-12-13 12:12:21 DisableServices: Action started
    2017-12-13 12:12:21 DisableServices: Action succeeded
    2017-12-13 12:12:23 ForceStopSAVService: Action started
    2017-12-13 12:12:23 ForceStopSAVService: ForceStopService: Stopping SAVService
    2017-12-13 12:12:23 ForceStopSAVService: ForceStopService: Checking if service is still running
    2017-12-13 12:12:23 ForceStopSAVService: ForceStopService: Stopping SAVAdminService
    2017-12-13 12:12:23 ForceStopSAVService: ForceStopService: Checking if service is still running
    2017-12-13 12:12:23 ForceStopSAVService: ForceStopSAVService: Services have been stopped
    2017-12-13 12:12:23 ForceStopSAVService: Action succeeded
    2017-12-13 12:12:23 WaitForSAVService: Action started
    2017-12-13 12:12:23 WaitForSAVService: WaitForSAVService: Walking system processes...
    2017-12-13 12:12:23 WaitForSAVService: WaitForSAVService: Finished walking system processes.
    2017-12-13 12:12:23 WaitForSAVService: Action succeeded
    2017-12-13 12:12:23 RemoveTamperProtectionRegKey: Action started
    2017-12-13 12:12:23 RemoveTamperProtectionRegKey: Action succeeded
    2017-12-13 12:12:23 RemoveSophosCleanupService: Action started
    2017-12-13 12:12:23 RemoveSophosCleanupService: Action succeeded
    2017-12-13 12:12:23 UninstallSecurityCenter: Action started
    2017-12-13 12:12:23 UninstallSecurityCenter: Action succeeded
    2017-12-13 12:12:29 RemoveSAVI: Action started
    2017-12-13 12:12:29 RemoveSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate
    2017-12-13 12:12:29 RemoveSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__
    2017-12-13 12:12:29 RemoveSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate
    2017-12-13 12:12:29 RemoveSAVI: UpdateRequest signalled
    2017-12-13 12:12:29 RemoveSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended
    2017-12-13 12:12:29 RemoveSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__
    2017-12-13 12:12:29 RemoveSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended
    2017-12-13 12:12:29 RemoveSAVI: Action succeeded
    2017-12-13 12:12:42 CreateTamperProtectionRegKey: Action started
    2017-12-13 12:12:42 CreateTamperProtectionRegKey: Action succeeded
    2017-12-13 12:12:43 RollbackDisableServices: Action started
    2017-12-13 12:12:43 RollbackDisableServices: Action succeeded
    2017-12-13 12:12:43 RunErrorScripts: Action started
    2017-12-13 12:12:43 RunErrorScripts: Action succeeded
    2017-12-13 12:12:43 RestoreMovedFiles: Action started
    2017-12-13 12:12:43 RestoreMovedFiles: Action succeeded
    2017-12-13 12:12:43 SetUpdateFailed: Action started
    2017-12-13 12:12:45 SetUpdateFailed: Unable to get SystemInformation from ComponentManager - SystemInformation cannot be informed of end of update
    2017-12-13 12:12:45 SetUpdateFailed: SetUpdateFailed() shared method failed.
    2017-12-13 12:12:45 SetUpdateFailed: Action failed
    2017-12-13 12:19:26 CheckUserIsSophosAdmin: Action started
    2017-12-13 12:19:26 CheckUserIsSophosAdmin: Action succeeded
    2017-12-13 12:19:26 CheckForSophosClientFirewall: Action started
    2017-12-13 12:19:26 CheckForSophosClientFirewall: Action succeeded
    2017-12-13 12:19:29 SetClassFilterPresentProperty: Action started
    2017-12-13 12:19:29 SetClassFilterPresentProperty: Setting class filter present property to: 1
    2017-12-13 12:19:29 SetClassFilterPresentProperty: Action succeeded
    2017-12-13 12:19:29 SetProcessorProperties: Action started
    2017-12-13 12:19:29 SetProcessorProperties: Action succeeded
    2017-12-13 12:19:29 SetRestoreExcludedProcessesProperty: Action started
    2017-12-13 12:19:29 SetRestoreExcludedProcessesProperty: SetRestoreExcludedProcessesProperty
    2017-12-13 12:19:29 SetRestoreExcludedProcessesProperty: PROCESSOR_ARCHITECTURE environment variable is: AMD64
    2017-12-13 12:19:29 SetRestoreExcludedProcessesProperty: Action succeeded
    2017-12-13 12:19:35 CheckRegForNullDACLs: Action started
    2017-12-13 12:19:35 CheckRegForNullDACLs: Action succeeded
    2017-12-13 12:19:35 CloseSavMainWindow: Action started
    2017-12-13 12:19:35 CloseSavMainWindow: Action succeeded
    2017-12-13 12:19:35 DisableServices: Action started
    2017-12-13 12:19:37 DisableServices: Action succeeded
    2017-12-13 12:19:38 ForceStopSAVService: Action started
    2017-12-13 12:19:38 ForceStopSAVService: ForceStopService: Stopping SAVService
    2017-12-13 12:19:38 ForceStopSAVService: ForceStopService: Checking if service is still running
    2017-12-13 12:19:38 ForceStopSAVService: ForceStopService: Stopping SAVAdminService
    2017-12-13 12:19:38 ForceStopSAVService: ForceStopService: Checking if service is still running
    2017-12-13 12:19:38 ForceStopSAVService: ForceStopSAVService: Services have been stopped
    2017-12-13 12:19:38 ForceStopSAVService: Action succeeded
    2017-12-13 12:19:38 WaitForSAVService: Action started
    2017-12-13 12:19:38 WaitForSAVService: WaitForSAVService: Walking system processes...
    2017-12-13 12:19:38 WaitForSAVService: WaitForSAVService: Finished walking system processes.
    2017-12-13 12:19:38 WaitForSAVService: Action succeeded
    2017-12-13 12:19:38 RemoveTamperProtectionRegKey: Action started
    2017-12-13 12:19:38 RemoveTamperProtectionRegKey: Action succeeded
    2017-12-13 12:19:38 RemoveSophosCleanupService: Action started
    2017-12-13 12:19:38 RemoveSophosCleanupService: Action succeeded
    2017-12-13 12:19:38 UninstallSecurityCenter: Action started
    2017-12-13 12:19:39 UninstallSecurityCenter: Error returned from CAntiVirusProvider::Uninstall() was: -2147467259
    2017-12-13 12:19:39 UninstallSecurityCenter: Error returned from CAntiSpywareProvider::Uninstall() was: -2147467259
    2017-12-13 12:19:39 UninstallSecurityCenter: Action succeeded
    2017-12-13 12:19:41 RemoveSAVI: Action started
    2017-12-13 12:19:41 RemoveSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate
    2017-12-13 12:19:41 RemoveSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__
    2017-12-13 12:19:41 RemoveSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate
    2017-12-13 12:19:41 RemoveSAVI: UpdateRequest signalled
    2017-12-13 12:19:41 RemoveSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended
    2017-12-13 12:19:41 RemoveSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__
    2017-12-13 12:19:41 RemoveSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended
    2017-12-13 12:19:41 RemoveSAVI: Action succeeded
    2017-12-13 12:20:06 CreateTamperProtectionRegKey: Action started
    2017-12-13 12:20:06 CreateTamperProtectionRegKey: Action succeeded
    2017-12-13 12:20:07 RollbackDisableServices: Action started
    2017-12-13 12:20:07 RollbackDisableServices: Action succeeded
    2017-12-13 12:20:08 RunErrorScripts: Action started
    2017-12-13 12:20:08 RunErrorScripts: Action succeeded
    2017-12-13 12:20:08 RestoreMovedFiles: Action started
    2017-12-13 12:20:08 RestoreMovedFiles: Action succeeded
    2017-12-13 12:20:08 SetUpdateFailed: Action started
    2017-12-13 12:20:08 SetUpdateFailed: Unable to get SystemInformation from ComponentManager - SystemInformation cannot be informed of end of update
    2017-12-13 12:20:08 SetUpdateFailed: SetUpdateFailed() shared method failed.
    2017-12-13 12:20:08 SetUpdateFailed: Action failed
    2017-12-13 12:22:05 CheckUserIsSophosAdmin: Action started
    2017-12-13 12:22:05 CheckUserIsSophosAdmin: Action succeeded
    2017-12-13 12:22:05 CheckForSophosClientFirewall: Action started
    2017-12-13 12:22:05 CheckForSophosClientFirewall: Action succeeded
    2017-12-13 12:22:07 SetClassFilterPresentProperty: Action started
    2017-12-13 12:22:07 SetClassFilterPresentProperty: Setting class filter present property to: 1
    2017-12-13 12:22:07 SetClassFilterPresentProperty: Action succeeded
    2017-12-13 12:22:07 SetProcessorProperties: Action started
    2017-12-13 12:22:07 SetProcessorProperties: Action succeeded
    2017-12-13 12:22:07 SetRestoreExcludedProcessesProperty: Action started
    2017-12-13 12:22:07 SetRestoreExcludedProcessesProperty: SetRestoreExcludedProcessesProperty
    2017-12-13 12:22:07 SetRestoreExcludedProcessesProperty: PROCESSOR_ARCHITECTURE environment variable is: AMD64
    2017-12-13 12:22:07 SetRestoreExcludedProcessesProperty: Action succeeded
    2017-12-13 12:22:13 CheckRegForNullDACLs: Action started
    2017-12-13 12:22:13 CheckRegForNullDACLs: Action succeeded
    2017-12-13 12:22:13 CloseSavMainWindow: Action started
    2017-12-13 12:22:13 CloseSavMainWindow: Action succeeded
    2017-12-13 12:22:13 DisableServices: Action started
    2017-12-13 12:22:14 DisableServices: Action succeeded
    2017-12-13 12:22:14 ForceStopSAVService: Action started
    2017-12-13 12:22:14 ForceStopSAVService: ForceStopService: Stopping SAVService
    2017-12-13 12:22:14 ForceStopSAVService: ForceStopService: Checking if service is still running
    2017-12-13 12:22:14 ForceStopSAVService: ForceStopService: Stopping SAVAdminService
    2017-12-13 12:22:14 ForceStopSAVService: ForceStopService: Checking if service is still running
    2017-12-13 12:22:14 ForceStopSAVService: ForceStopSAVService: Services have been stopped
    2017-12-13 12:22:14 ForceStopSAVService: Action succeeded
    2017-12-13 12:22:14 WaitForSAVService: Action started
    2017-12-13 12:22:14 WaitForSAVService: WaitForSAVService: Walking system processes...
    2017-12-13 12:22:14 WaitForSAVService: WaitForSAVService: Finished walking system processes.
    2017-12-13 12:22:14 WaitForSAVService: Action succeeded
    2017-12-13 12:22:14 RemoveTamperProtectionRegKey: Action started
    2017-12-13 12:22:14 RemoveTamperProtectionRegKey: Action succeeded
    2017-12-13 12:22:14 RemoveSophosCleanupService: Action started
    2017-12-13 12:22:14 RemoveSophosCleanupService: Action succeeded
    2017-12-13 12:22:14 UninstallSecurityCenter: Action started
    2017-12-13 12:22:14 UninstallSecurityCenter: Error returned from CAntiVirusProvider::Uninstall() was: -2147467259
    2017-12-13 12:22:14 UninstallSecurityCenter: Error returned from CAntiSpywareProvider::Uninstall() was: -2147467259
    2017-12-13 12:22:14 UninstallSecurityCenter: Action succeeded
    2017-12-13 12:22:16 RemoveSAVI: Action started
    2017-12-13 12:22:16 RemoveSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate
    2017-12-13 12:22:16 RemoveSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__
    2017-12-13 12:22:16 RemoveSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate
    2017-12-13 12:22:16 RemoveSAVI: UpdateRequest signalled
    2017-12-13 12:22:16 RemoveSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended
    2017-12-13 12:22:16 RemoveSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__
    2017-12-13 12:22:16 RemoveSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended
    2017-12-13 12:22:16 RemoveSAVI: Action succeeded
    2017-12-13 12:23:04 CreateTamperProtectionRegKey: Action started
    2017-12-13 12:23:04 CreateTamperProtectionRegKey: Action succeeded
    2017-12-13 12:23:04 RollbackDisableServices: Action started
    2017-12-13 12:23:04 RollbackDisableServices: Action succeeded
    2017-12-13 12:23:04 RunErrorScripts: Action started
    2017-12-13 12:23:04 RunErrorScripts: Action succeeded
    2017-12-13 12:23:04 RestoreMovedFiles: Action started
    2017-12-13 12:23:04 RestoreMovedFiles: Action succeeded
    2017-12-13 12:23:04 SetUpdateFailed: Action started
    2017-12-13 12:23:05 SetUpdateFailed: Unable to get SystemInformation from ComponentManager - SystemInformation cannot be informed of end of update
    2017-12-13 12:23:05 SetUpdateFailed: SetUpdateFailed() shared method failed.
    2017-12-13 12:23:05 SetUpdateFailed: Action failed
    2017-12-13 12:50:29 CheckUserIsSophosAdmin: Action started
    2017-12-13 12:50:29 CheckUserIsSophosAdmin: Action succeeded
    2017-12-13 12:50:29 CheckForSophosClientFirewall: Action started
    2017-12-13 12:50:29 CheckForSophosClientFirewall: Action succeeded
    2017-12-13 12:50:32 SetClassFilterPresentProperty: Action started
    2017-12-13 12:50:32 SetClassFilterPresentProperty: Setting class filter present property to: 1
    2017-12-13 12:50:32 SetClassFilterPresentProperty: Action succeeded
    2017-12-13 12:50:32 SetProcessorProperties: Action started
    2017-12-13 12:50:32 SetProcessorProperties: Action succeeded
    2017-12-13 12:50:32 SetRestoreExcludedProcessesProperty: Action started
    2017-12-13 12:50:32 SetRestoreExcludedProcessesProperty: SetRestoreExcludedProcessesProperty
    2017-12-13 12:50:32 SetRestoreExcludedProcessesProperty: PROCESSOR_ARCHITECTURE environment variable is: AMD64
    2017-12-13 12:50:32 SetRestoreExcludedProcessesProperty: Action succeeded
    2017-12-13 12:50:38 CheckRegForNullDACLs: Action started
    2017-12-13 12:50:38 CheckRegForNullDACLs: Action succeeded
    2017-12-13 12:50:38 CloseSavMainWindow: Action started
    2017-12-13 12:50:38 CloseSavMainWindow: Action succeeded
    2017-12-13 12:50:38 DisableServices: Action started
    2017-12-13 12:50:38 DisableServices: Action succeeded
    2017-12-13 12:50:39 ForceStopSAVService: Action started
    2017-12-13 12:50:39 ForceStopSAVService: ForceStopService: Stopping SAVService
    2017-12-13 12:50:39 ForceStopSAVService: ForceStopService: Checking if service is still running
    2017-12-13 12:50:39 ForceStopSAVService: ForceStopService: Stopping SAVAdminService
    2017-12-13 12:50:39 ForceStopSAVService: ForceStopService: Checking if service is still running
    2017-12-13 12:50:39 ForceStopSAVService: ForceStopSAVService: Services have been stopped
    2017-12-13 12:50:39 ForceStopSAVService: Action succeeded
    2017-12-13 12:50:39 WaitForSAVService: Action started
    2017-12-13 12:50:39 WaitForSAVService: WaitForSAVService: Walking system processes...
    2017-12-13 12:50:39 WaitForSAVService: WaitForSAVService: Finished walking system processes.
    2017-12-13 12:50:39 WaitForSAVService: Action succeeded
    2017-12-13 12:50:39 RemoveTamperProtectionRegKey: Action started
    2017-12-13 12:50:39 RemoveTamperProtectionRegKey: Action succeeded
    2017-12-13 12:50:39 RemoveSophosCleanupService: Action started
    2017-12-13 12:50:39 RemoveSophosCleanupService: Action succeeded
    2017-12-13 12:50:40 UninstallSecurityCenter: Action started
    2017-12-13 12:50:40 UninstallSecurityCenter: Error returned from CAntiVirusProvider::Uninstall() was: -2147467259
    2017-12-13 12:50:40 UninstallSecurityCenter: Error returned from CAntiSpywareProvider::Uninstall() was: -2147467259
    2017-12-13 12:50:40 UninstallSecurityCenter: Action succeeded
    2017-12-13 12:50:42 RemoveSAVI: Action started
    2017-12-13 12:50:42 RemoveSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate
    2017-12-13 12:50:42 RemoveSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__
    2017-12-13 12:50:42 RemoveSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate
    2017-12-13 12:50:42 RemoveSAVI: UpdateRequest signalled
    2017-12-13 12:50:42 RemoveSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended
    2017-12-13 12:50:42 RemoveSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__
    2017-12-13 12:50:42 RemoveSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended
    2017-12-13 12:50:42 RemoveSAVI: Action succeeded
    2017-12-13 12:51:08 CreateTamperProtectionRegKey: Action started
    2017-12-13 12:51:08 CreateTamperProtectionRegKey: Action succeeded
    2017-12-13 12:51:08 RollbackDisableServices: Action started
    2017-12-13 12:51:08 RollbackDisableServices: Action succeeded
    2017-12-13 12:51:09 RunErrorScripts: Action started
    2017-12-13 12:51:09 RunErrorScripts: Action succeeded
    2017-12-13 12:51:09 RestoreMovedFiles: Action started
    2017-12-13 12:51:09 RestoreMovedFiles: Action succeeded
    2017-12-13 12:51:09 SetUpdateFailed: Action started
    2017-12-13 12:51:09 SetUpdateFailed: Unable to get SystemInformation from ComponentManager - SystemInformation cannot be informed of end of update
    2017-12-13 12:51:09 SetUpdateFailed: SetUpdateFailed() shared method failed.
    2017-12-13 12:51:09 SetUpdateFailed: Action failed
    2017-12-14 08:25:53 CheckUserIsSophosAdmin: Action started
    2017-12-14 08:25:53 CheckUserIsSophosAdmin: Action succeeded
    2017-12-14 08:25:53 CheckForSophosClientFirewall: Action started
    2017-12-14 08:25:53 CheckForSophosClientFirewall: Action succeeded
    2017-12-14 08:25:54 SetClassFilterPresentProperty: Action started
    2017-12-14 08:25:54 SetClassFilterPresentProperty: Setting class filter present property to: 1
    2017-12-14 08:25:54 SetClassFilterPresentProperty: Action succeeded
    2017-12-14 08:25:54 SetProcessorProperties: Action started
    2017-12-14 08:25:54 SetProcessorProperties: Action succeeded
    2017-12-14 08:25:54 SetRestoreExcludedProcessesProperty: Action started
    2017-12-14 08:25:54 SetRestoreExcludedProcessesProperty: SetRestoreExcludedProcessesProperty
    2017-12-14 08:25:54 SetRestoreExcludedProcessesProperty: PROCESSOR_ARCHITECTURE environment variable is: AMD64
    2017-12-14 08:25:54 SetRestoreExcludedProcessesProperty: Action succeeded
    2017-12-14 08:26:00 CheckRegForNullDACLs: Action started
    2017-12-14 08:26:00 CheckRegForNullDACLs: Action succeeded
    2017-12-14 08:26:00 CloseSavMainWindow: Action started
    2017-12-14 08:26:00 CloseSavMainWindow: Action succeeded
    2017-12-14 08:26:00 DisableServices: Action started
    2017-12-14 08:26:00 DisableServices: Action succeeded
    2017-12-14 08:26:01 ForceStopSAVService: Action started
    2017-12-14 08:26:01 ForceStopSAVService: ForceStopService: Stopping SAVService
    2017-12-14 08:26:01 ForceStopSAVService: ForceStopService: Checking if service is still running
    2017-12-14 08:26:01 ForceStopSAVService: ForceStopService: Stopping SAVAdminService
    2017-12-14 08:26:01 ForceStopSAVService: ForceStopService: Checking if service is still running
    2017-12-14 08:26:01 ForceStopSAVService: ForceStopSAVService: Services have been stopped
    2017-12-14 08:26:01 ForceStopSAVService: Action succeeded
    2017-12-14 08:26:01 WaitForSAVService: Action started
    2017-12-14 08:26:01 WaitForSAVService: WaitForSAVService: Walking system processes...
    2017-12-14 08:26:01 WaitForSAVService: WaitForSAVService: Finished walking system processes.
    2017-12-14 08:26:01 WaitForSAVService: Action succeeded
    2017-12-14 08:26:01 RemoveTamperProtectionRegKey: Action started
    2017-12-14 08:26:01 RemoveTamperProtectionRegKey: Action succeeded
    2017-12-14 08:26:01 RemoveSophosCleanupService: Action started
    2017-12-14 08:26:01 RemoveSophosCleanupService: Action succeeded
    2017-12-14 08:26:01 UninstallSecurityCenter: Action started
    2017-12-14 08:26:01 UninstallSecurityCenter: Error returned from CAntiVirusProvider::Uninstall() was: -2147467259
    2017-12-14 08:26:01 UninstallSecurityCenter: Action succeeded
    2017-12-14 08:26:03 RemoveSAVI: Action started
    2017-12-14 08:26:03 RemoveSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate
    2017-12-14 08:26:03 RemoveSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__
    2017-12-14 08:26:03 RemoveSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate
    2017-12-14 08:26:03 RemoveSAVI: UpdateRequest signalled
    2017-12-14 08:26:03 RemoveSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended
    2017-12-14 08:26:03 RemoveSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__
    2017-12-14 08:26:03 RemoveSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended
    2017-12-14 08:26:03 RemoveSAVI: Action succeeded
    2017-12-14 08:26:11 CreateTamperProtectionRegKey: Action started
    2017-12-14 08:26:11 CreateTamperProtectionRegKey: Action succeeded
    2017-12-14 08:26:12 RollbackDisableServices: Action started
    2017-12-14 08:26:13 RollbackDisableServices: Action succeeded
    2017-12-14 08:26:13 RunErrorScripts: Action started
    2017-12-14 08:26:13 RunErrorScripts: Action succeeded
    2017-12-14 08:26:13 RestoreMovedFiles: Action started
    2017-12-14 08:26:13 RestoreMovedFiles: Action succeeded
    2017-12-14 08:26:13 SetUpdateFailed: Action started
    2017-12-14 08:26:13 SetUpdateFailed: Unable to get SystemInformation from ComponentManager - SystemInformation cannot be informed of end of update
    2017-12-14 08:26:13 SetUpdateFailed: SetUpdateFailed() shared method failed.
    2017-12-14 08:26:13 SetUpdateFailed: Action failed
    2017-12-21 16:56:49 CheckUserIsSophosAdmin: Action started
    2017-12-21 16:56:49 CheckUserIsSophosAdmin: Action succeeded
    2017-12-21 16:56:49 CheckForSophosClientFirewall: Action started
    2017-12-21 16:56:49 CheckForSophosClientFirewall: Action succeeded
    2017-12-21 16:56:53 SetClassFilterPresentProperty: Action started
    2017-12-21 16:56:53 SetClassFilterPresentProperty: Setting class filter present property to: 1
    2017-12-21 16:56:53 SetClassFilterPresentProperty: Action succeeded
    2017-12-21 16:56:54 SetProcessorProperties: Action started
    2017-12-21 16:56:54 SetProcessorProperties: Action succeeded
    2017-12-21 16:56:54 SetRestoreExcludedProcessesProperty: Action started
    2017-12-21 16:56:54 SetRestoreExcludedProcessesProperty: SetRestoreExcludedProcessesProperty
    2017-12-21 16:56:54 SetRestoreExcludedProcessesProperty: PROCESSOR_ARCHITECTURE environment variable is: AMD64
    2017-12-21 16:56:54 SetRestoreExcludedProcessesProperty: Action succeeded
    2017-12-21 16:57:00 CheckRegForNullDACLs: Action started
    2017-12-21 16:57:00 CheckRegForNullDACLs: Action succeeded
    2017-12-21 16:57:00 CloseSavMainWindow: Action started
    2017-12-21 16:57:00 CloseSavMainWindow: Action succeeded
    2017-12-21 16:57:00 DisableServices: Action started
    2017-12-21 16:57:00 DisableServices: Action succeeded
    2017-12-21 16:57:01 ForceStopSAVService: Action started
    2017-12-21 16:57:01 ForceStopSAVService: ForceStopService: Stopping SAVService
    2017-12-21 16:57:01 ForceStopSAVService: ForceStopService: Checking if service is still running
    2017-12-21 16:57:01 ForceStopSAVService: ForceStopService: Stopping SAVAdminService
    2017-12-21 16:57:02 ForceStopSAVService: ForceStopService: Checking if service is still running
    2017-12-21 16:57:02 ForceStopSAVService: ForceStopSAVService: Services have been stopped
    2017-12-21 16:57:02 ForceStopSAVService: Action succeeded
    2017-12-21 16:57:02 WaitForSAVService: Action started
    2017-12-21 16:57:02 WaitForSAVService: WaitForSAVService: Walking system processes...
    2017-12-21 16:57:02 WaitForSAVService: WaitForSAVService: Finished walking system processes.
    2017-12-21 16:57:02 WaitForSAVService: Action succeeded
    2017-12-21 16:57:02 RemoveTamperProtectionRegKey: Action started
    2017-12-21 16:57:02 RemoveTamperProtectionRegKey: Action succeeded
    2017-12-21 16:57:02 RemoveSophosCleanupService: Action started
    2017-12-21 16:57:02 RemoveSophosCleanupService: Action succeeded
    2017-12-21 16:57:02 UninstallSecurityCenter: Action started
    2017-12-21 16:57:03 UninstallSecurityCenter: Error returned from CAntiVirusProvider::Uninstall() was: -2147467259
    2017-12-21 16:57:03 UninstallSecurityCenter: Action succeeded
    2017-12-21 16:57:06 RemoveSAVI: Action started
    2017-12-21 16:57:06 RemoveSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate
    2017-12-21 16:57:06 RemoveSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__
    2017-12-21 16:57:06 RemoveSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate
    2017-12-21 16:57:06 RemoveSAVI: UpdateRequest signalled
    2017-12-21 16:57:06 RemoveSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended
    2017-12-21 16:57:06 RemoveSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__
    2017-12-21 16:57:06 RemoveSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended
    2017-12-21 16:57:06 RemoveSAVI: Action succeeded
    2017-12-21 16:57:31 CreateTamperProtectionRegKey: Action started
    2017-12-21 16:57:31 CreateTamperProtectionRegKey: Action succeeded
    2017-12-21 16:57:33 RollbackDisableServices: Action started
    2017-12-21 16:57:33 RollbackDisableServices: Action succeeded
    2017-12-21 16:57:33 RunErrorScripts: Action started
    2017-12-21 16:57:33 RunErrorScripts: Action succeeded
    2017-12-21 16:57:33 RestoreMovedFiles: Action started
    2017-12-21 16:57:33 RestoreMovedFiles: Action succeeded
    2017-12-21 16:57:34 SetUpdateFailed: Action started
    2017-12-21 16:57:34 SetUpdateFailed: Unable to get SystemInformation from ComponentManager - SystemInformation cannot be informed of end of update
    2017-12-21 16:57:34 SetUpdateFailed: SetUpdateFailed() shared method failed.
    2017-12-21 16:57:34 SetUpdateFailed: Action failed

     

    Thank you very much.

    Recruit1

  • 0 in reply to Recruit1

    Hello Recruit1,

    thanks, that's the one. Unfortunately there's no output from the failing action (wonder if there should be one).

    There should be a setupapi.app.log in C:\Windows\inf. If you search from the bottom upwards for SAVONACCESS you should find the attempted uninstall - maybe there's a little bit more information.

    Christian

  • 0 in reply to QC

    Hello Christian.

    Thank you for your feedback.

    Here is the setupapi.app.log. It seems that all sequences exited with SUCCESS.

    Thank you.

    Recruit1

    >>>  [SetupInstallFilesFromInfSection - Install.Remove]
    >>>  Section start 2017/12/21 09:07:27.187
          cmd: C:\PROGRA~2\Sophos\SOPHOS~2\DRIVER~1.EXE /uninstall /legacy_ndis
    <<<  Section end 2017/12/21 09:07:27.187
    <<<  [Exit status: SUCCESS]


    >>>  [SetupScanFileQueue]
    >>>  Section start 2017/12/21 09:07:27.187
          cmd: C:\PROGRA~2\Sophos\SOPHOS~2\DRIVER~1.EXE /uninstall /legacy_ndis
    <<<  Section end 2017/12/21 09:07:27.187
    <<<  [Exit status: SUCCESS]


    >>>  [SetupInstallFromInfSection - Install.Remove]
    >>>  Section start 2017/12/21 09:07:27.187
          cmd: C:\PROGRA~2\Sophos\SOPHOS~2\DRIVER~1.EXE /uninstall /legacy_ndis
    <<<  Section end 2017/12/21 09:07:27.187
    <<<  [Exit status: SUCCESS]


    >>>  [SetupInstallServicesFromInfSectionEx - Install.Remove.Services]
    >>>  Section start 2017/12/21 09:07:27.187
          cmd: C:\PROGRA~2\Sophos\SOPHOS~2\DRIVER~1.EXE /uninstall /legacy_ndis
    <<<  Section end 2017/12/21 09:07:27.203
    <<<  [Exit status: SUCCESS]


    >>>  [SetupInstallFromInfSection - Install.Remove]
    >>>  Section start 2017/12/21 09:07:27.203
          cmd: C:\PROGRA~2\Sophos\SOPHOS~2\DRIVER~1.EXE /uninstall /legacy_ndis
    <<<  Section end 2017/12/21 09:07:27.203
    <<<  [Exit status: SUCCESS]


    >>>  [SetupInstallFilesFromInfSection - Install.Remove]
    >>>  Section start 2017/12/21 09:07:27.203
          cmd: C:\PROGRA~2\Sophos\SOPHOS~2\DRIVER~1.EXE /uninstall /legacy_ndis
    <<<  Section end 2017/12/21 09:07:27.203
    <<<  [Exit status: SUCCESS]


    >>>  [SetupScanFileQueue]
    >>>  Section start 2017/12/21 09:07:27.203
          cmd: C:\PROGRA~2\Sophos\SOPHOS~2\DRIVER~1.EXE /uninstall /legacy_ndis
    <<<  Section end 2017/12/21 09:07:27.203
    <<<  [Exit status: SUCCESS]


    >>>  [SetupUninstallOEMInf - oem21.inf]
    >>>  Section start 2017/12/21 09:07:27.203
          cmd: C:\PROGRA~2\Sophos\SOPHOS~2\DRIVER~1.EXE /uninstall /legacy_ndis
         sto: {Delete Driver Package: C:\windows\System32\DriverStore\FileRepository\scfndis.inf_amd64_neutral_ed9b42cebe1510a2\scfndis.inf} 09:07:27.234
         sto:      Deleting driver package from Driver Store:
         sto:           Driver Store   = C:\windows\System32\DriverStore (Online | 6.1.7601)
         sto:           Driver Package = C:\windows\System32\DriverStore\FileRepository\scfndis.inf_amd64_neutral_ed9b42cebe1510a2\scfndis.inf
         sto:           Flags          = 0x00000000
         pol:      {Driver package policy check} 09:07:28.180
         pol:      {Driver package policy check - exit(0x00000000)} 09:07:28.180
         sto:      {Unstage Driver Package: C:\windows\System32\DriverStore\FileRepository\scfndis.inf_amd64_neutral_ed9b42cebe1510a2\scfndis.inf} 09:07:28.180
         sto:           Published driver package INF 'oem21.inf' was deleted.
         sto:           {Delete Directory: C:\windows\System32\DriverStore\FileRepository\scfndis.inf_amd64_neutral_ed9b42cebe1510a2} 09:07:28.319
         sto:           {Delete Directory: exit(0x00000000)} 09:07:28.319
         sto:      {Unstage Driver Package: exit(0x00000000)} 09:07:28.319
         sto:      Deleted driver package from Driver Store. Time = 1077 ms
         sto: {Delete Driver Package: exit(0x00000000)} 09:07:28.319
    <<<  Section end 2017/12/21 09:07:28.428
    <<<  [Exit status: SUCCESS]

  • 0 in reply to Recruit1

    Unlike other anti-virus products sophos doesn't have a tool to force uninstall its many installed application just for AV.

    I found this BAT file that has worked pretty good for me to force/ripe out a failed or corrupted install of sophos AV.

    You want to run from an elevated command prompt.

    I find it best to create C:\sophos and copy the bat file in to this folder.

    After run the BAT file I would still delete any sophos folders.

    Make sure you reboot once or twice to make sure corrupted sophos AV is gone and delete any sophos folder still left.

    Open notepad

    paste and save as ForceUninstallSophosAV.bat or what ever you want to call it.

     

    net stop "Sophos Anti-Virus"
     net stop "Sophos AutoUpdate Service"
     "C:\program files\Sophos\Sophos Endpoint Agent\uninstallcli.exe"
     :Sophos AutoUpdate
     MsiExec.exe /qn /X{7CD26A0C-9B59-4E84-B5EE-B386B2F7AA16} REBOOT=ReallySuppress
     MsiExec.exe /qn /X{BCF53039-A7FC-4C79-A3E3-437AE28FD918} REBOOT=ReallySuppress
     MsiExec.exe /qn /X{9D1B8594-5DD2-4CDC-A5BD-98E7E9D75520} REBOOT=ReallySuppress
     MsiExec.exe /qn /X{AFBCA1B9-496C-4AE6-98AE-3EA1CFF65C54} REBOOT=ReallySuppress
     MsiExec.exe /qn /X{E82DD0A8-0E5C-4D72-8DDE-41BB0FC06B3E} REBOOT=ReallySuppress
     :Sophos Anti-Virus (Endpoint)
     MsiExec.exe /qn /X{8123193C-9000-4EEB-B28A-E74E779759FA} REBOOT=ReallySuppress
     MsiExec.exe /qn /X{36333618-1CE1-4EF2-8FFD-7F17394891CE} REBOOT=ReallySuppress
     MsiExec.exe /qn /X{DFDA2077-95D0-4C5F-ACE7-41DA16639255} REBOOT=ReallySuppress
     MsiExec.exe /qn /X{CA3CE456-B2D9-4812-8C69-17D6980432EF} REBOOT=ReallySuppress
     MsiExec.exe /qn /X{3B998572-90A5-4D61-9022-00B288DD755D} REBOOT=ReallySuppress
     :Sophos Anti-Virus (Server)
     MsiExec.exe /qn /X{72E30858-FC95-4C87-A697-670081EBF065} REBOOT=ReallySuppress
     :Sophos System Protection
     MsiExec.exe /qn /X{934BEF80-B9D1-4A86-8B42-D8A6716A8D27} REBOOT=ReallySuppress
     MsiExec.exe /qn /X{1093B57D-A613-47F3-90CF-0FD5C5DCFFE6} REBOOT=ReallySuppress
     :Sophos Network Threat Protection
     MsiExec.exe /qn /X{66967E5F-43E8-4402-87A4-04685EE5C2CB} REBOOT=ReallySuppress
     :Sophos Health
     MsiExec.exe /qn /X{A5CCEEF1-B6A7-4EB4-A826-267996A62A9E} REBOOT=ReallySuppress
     MsiExec.exe /qn /X{D5BC54B8-1DA1-44F4-AE6F-86E05CDB0B44} REBOOT=ReallySuppress
     MsiExec.exe /qn /X{E44AF5E6-7D11-4BDF-BEA8-AA7AE5FE6745} REBOOT=ReallySuppress
     :SDU (1.x)
     MsiExec.exe /qn /X{4627F5A1-E85A-4394-9DB3-875DF83AF6C2} REBOOT=ReallySuppress
     :Heartbeat
     MsiExec.exe /qn /X{DFFA9361-3625-4219-82C2-9EF011E433B1} REBOOT=ReallySuppress
     :Sophos Management Communications System
     MsiExec.exe /qn /X{A1DC5EF8-DD20-45E8-ABBD-F529A24D477B} REBOOT=ReallySuppress
     MsiExec.exe /qn /X{1FFD3F20-5D24-4C9A-B9F6-A207A53CF179} REBOOT=ReallySuppress
     MsiExec.exe /qn /X{D875F30C-B469-4998-9A08-FE145DD5DC1A} REBOOT=ReallySuppress
     MsiExec.exe /qn /X{2C14E1A2-C4EB-466E-8374-81286D723D3A} REBOOT=ReallySuppress
     :UI
     MsiExec.exe /qn /X{D29542AE-287C-42E4-AB28-3858E13C1A3E} REBOOT=ReallySuppress
     :SophosClean
     "C:\Program Files\Sophos\Clean\uninstall.exe"
     :SED
     "C:\Program Files\Sophos\Endpoint Defense\uninstall.exe" /quiet
     :HMPA (managed) 3.5.3.563
     "C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe" /uninstall /quiet
     :HMPA 1.0.0.699
     "C:\Program Files (x86)\HitmanPro.Alert\uninstall.exe" /uninstall /quiet
     :HMPA 3.7.14.265
     "C:\Program Files\HitmanPro\HitmanPro.exe" /uninstall /quiet

  • 0 in reply to Navar Holmes

    I just went thru a force removal and want to detail the steps of the battle.

    Make sure no switch users are on the PC so reboot.

    Sophos doesn't support netted groups you will need to add the admin account you are using to the local SophosAdministrator group.

    If tamper protection is enable you must disable.

    Stand on one foot

    Uninstall as much as you can from Programs and Features.  For my last battle RMS would not uninstall.

    If there is any Sophos services running stop them.

    Browse ProgramData, Program Files and Program Files (x86) and delete Sophos folders.

    Run force remove bat file.

    Reboot PC.

    Check again for any running Sophos services and stop if so.

    Browse ProgramData, Program Files and Program Files (x86) and delete Sophos folders.

    Run force remove bat file.

    Normally you could stop here but Sophos goes kicking and screaming when you force uninstall.

    Run regedit and search for Sophos.  Disclaimer:  Deleting the wrong key in the Registry can break the PC.

    This can be a pain process and not everything with Sophos in it needs to have the key deleted.

    You will just need to use the Force when deciding which Sophos keys to delete.

    Again Disclaimer:  Deleting the wrong key in the Registry can break the PC.

    Reboot PC.

    Optional step:  Install CCLeanerPRo which as a free demo and run the registry cleanup and couple of times.

    Reboot PC.

    Login with your admin account and from the SEC protect the PC. (push the install). 

    I have a custom installer for Sophos but I don't like to use it when dealing with problem PCs as the custom installers are not 100% reliable when trying to communicate with the SEC.

    You should see sophos getting installed on the PC.

    I like to wait a few minutes after the install and then select the S shield and select Update now.

    Open Sophos Endpoint Security and Control and check the Update log.

    If the Force was strong with you, you should see "Warning: Restart needed for updates to take effect"

    Reboot and PC should be good.

    Remember to uninstall the demo version of CCLeaner.

    I hope this helps.

     

     

Unfiltered HTML