windows 2003 not updating

i have tried the following but server will still not update. i get a error to say the "this installation package could not be opened. verify that the package exist and that you can access it, or contact the application vendor to verify that this is a valid windows install package"

community.sophos.com/.../16187

  • In reply to paul foley1:

    Hello paul foley1,

    no installation, update or the like. I'd run it just for the SAVService.exe process, in case the Sophos Anti-Virus service is running stop it, start Process Monitor and define the appropriate filter, then start the service. Guess the error is issued almost immediately (recorded both in SAV.txt and the Event log). 

    Christian   

  • In reply to QC:

    A couple of thoughts:

    1. Can you run SAV32CLI, does this load the virus data OK?
    CMD running as admin:
    CD \Program Files\Sophos\Sophos Anti-Virus\
    SAV32CLI

    Does it error or scan?

    2. I've also seen such errors if there is an issue with the config files of SAV, specifically permissions.

    Can you check the permissions on the config directory and xml files (specifically machine.xml) under:
    \documents and settings\all users\application data\sophos\sophos anti-virus\config\.
    Can the SAVService.exe read/write to the config files OK given the account it is running as.  LocalService on 2003 I think.
    Maybe if you have a working XP/2003 server you can check the permissions match up.

    Hope it helps.

    Regards,

    Jak

  • In reply to jak:

    Hi Jak

     

    1. scanning

     

    2. permissions all look ok

  • In reply to paul foley1:

    In that case maybe verbose trace logging of SAVService will indicate the issue.  Can you follow:

    https://community.sophos.com/kb/en-us/38027

    to get an enhanced SAV.txt when the SAV Service starts.

    Don't forget to disable it once you have a SAV.txt that covers the startup issue.

    Regards,

    Jak

  • In reply to jak:

    hi Jak

     

    hope this is what you are looking for

     

    some info from the log. let me know if you need more

    20171004 093136 Debug: Begin ConfigureYourself() (File: .\PUAThreatComponentFactory.cpp, Line: 20)
    20171004 093136 Debug: End ConfigureYourself() (File: .\PUAThreatComponentFactory.cpp, Line: 49)
    20171004 093136 Debug: Begin ConfigureYourself() (File: .\ScannableMemoryFactory.cpp, Line: 70)
    20171004 093136 Debug: End ConfigureYourself() (File: .\ScannableMemoryFactory.cpp, Line: 99)
    20171004 093136 Debug: Begin ConfigureYourself() (File: .\ScannableRegistryFactory.cpp, Line: 78)
    20171004 093136 Debug: Begin ConfigureYourself() (File: .\ThreatCauseFactory.cpp, Line: 59)
    20171004 093136 Debug: End ConfigureYourself() (File: .\ThreatCauseFactory.cpp, Line: 103)
    20171004 093136 Debug: Begin BeginProcessing() (File: .\PUAThreatComponentFactory.cpp, Line: 58)
    20171004 093136 Debug: End BeginProcessing() (File: .\PUAThreatComponentFactory.cpp, Line: 60)
    20171004 093136 Debug: Begin BeginProcessing() (File: .\ScannableMemoryFactory.cpp, Line: 108)
    20171004 093136 Debug: End BeginProcessing() (File: .\ScannableMemoryFactory.cpp, Line: 110)
    20171004 093136 Debug: Begin BeginProcessing() (File: .\ThreatCauseFactory.cpp, Line: 112)
    20171004 093136 Debug: End BeginProcessing() (File: .\ThreatCauseFactory.cpp, Line: 114)
    20171004 093136 Debug: End ApplicationManager::ConfigureYourself (File: .\ApplicationManager-IManaged.cpp, Line: 35)
    20171004 093136 Debug: Begin ApplicationManager::BeginProcessing (File: .\ApplicationManager-IManaged.cpp, Line: 91)
    20171004 093136 Debug: End ApplicationManager::BeginProcessing (File: .\ApplicationManager-IManaged.cpp, Line: 91)
    20171004 093136 Debug: Begin CAuthorisationListManager::ConfigureYourself (File: .\AuthorisationListManager.cpp, Line: 78)
    20171004 093136 Debug: End CAuthorisationListManager::ConfigureYourself (File: .\AuthorisationListManager.cpp, Line: 95)
    20171004 093136 Debug: Begin CAuthorisationListManager::BeginProcessing (File: .\AuthorisationListManager.cpp, Line: 106)
    20171004 093136 Debug: Begin CAuthorisedFileList::LoadAuthorisedFileList (File: .\AuthorisedFileList.cpp, Line: 793)
    20171004 093136 Debug: End CAuthorisedFileList::LoadAuthorisedFileList (File: .\AuthorisedFileList.cpp, Line: 894)
    20171004 093136 Debug: End CAuthorisationListManager::BeginProcessing (File: .\AuthorisationListManager.cpp, Line: 127)
    20171004 093136 Debug: Begin CBackgroundScanFactory::ConfigureYourself (File: .\BackgroundScanFactory.cpp, Line: 56)
    20171004 093136 Debug: End CBackgroundScanFactory::ConfigureYourself (File: .\BackgroundScanFactory.cpp, Line: 73)
    20171004 093136 Debug: Begin CBackgroundScanFactory::BeginProcessing (File: .\BackgroundScanFactory.cpp, Line: 84)
    20171004 093136 Debug: End CBackgroundScanFactory::BeginProcessing (File: .\BackgroundScanFactory.cpp, Line: 100)
    20171004 093136 Debug: Begin BHOManager::ConfigureYourself (File: .\BHOManager.cpp, Line: 98)
    20171004 093136 Debug: End CTDEFactory::ConfigureYourself (File: .\TDEFactory.cpp, Line: 147)
    20171004 093136 Debug: End CScannableNodeFactory::ConfigureYourself (File: .\ScannableNodeFactory.cpp, Line: 184)
    20171004 093136 Debug: Begin ICManager::ConfigureYourself (File: .\ICManager-IManaged.cpp, Line: 79)
    20171004 093136 Debug: End CScannableDirItemFactory::ConfigureYourself (File: .\ScannableDirItemFactory.cpp, Line: 308)
    20171004 093136 Debug: Begin ConfigureYourself() (File: .\ScannableSectorFactory.cpp, Line: 73)
    20171004 093136 Debug: End ConfigureYourself() (File: .\ScannableSectorFactory.cpp, Line: 98)
    20171004 093136 Debug: Begin BeginProcessing() (File: .\ScannableSectorFactory.cpp, Line: 107)
    20171004 093136 Debug: End BeginProcessing() (File: .\ScannableSectorFactory.cpp, Line: 109)
    20171004 093136 Debug: Begin CVEManager::ConfigureYourself (File: .\VEManager.cpp, Line: 69)
    20171004 093136 Debug: End CVEManager::ConfigureYourself (File: .\VEManager.cpp, Line: 94)
    20171004 093136 Debug: Begin CVEManager::BeginProcessing (File: .\VEManager.cpp, Line: 141)
    20171004 093136 Debug: SupplementaryData::Load(): Begin Method (File: .\SupplementaryData.cpp, Line: 10)
    20171004 093136 Debug: BPAAdapterFactory::GetNewBPAAdapterInstance(): Begin Method (File: .\BPAAdapterFactory.cpp, Line: 12)
    20171004 093136 Debug: BPAAdapterFactory::GetNewBPAAdapterInstance(): Initialise failed for BPA proxy factory(0xa0040210) (File: .\BPAAdapterFactory.cpp, Line: 51)
    20171004 093136 Unable to load main virus data
    20171004 093136 Debug: End CVEManager::BeginProcessing (File: .\VEManager.cpp, Line: 205)
    20171004 093136 Debug: Begin ICManager::UpdateUseLocalChecksums (File: .\ICManager-IManaged.cpp, Line: 644)
    20171004 093136 Debug: Local checksums auto disabled. (File: .\ICManager-IManaged.cpp, Line: 675)
    20171004 093136 Debug: End ICManager::UpdateUseLocalChecksums (File: .\ICManager-IManaged.cpp, Line: 700)
    20171004 093136 Debug: Local checksum control initialised successfully. (File: .\ICManager-IManaged.cpp, Line: 344)
    20171004 093136 Debug: End ICManager::ConfigureYourself (File: .\ICManager-IManaged.cpp, Line: 495)
    20171004 093136 Debug: Begin ICManager::BeginProcessing (File: .\ICManager-IManaged.cpp, Line: 818)
    20171004 093136 Debug: Begin CTDEFactory::GetTDE (File: .\TDEFactory.cpp, Line: 50)
    20171004 093136 Debug: End CThreatDetectionEngine::SetLogSourceFactory (File: .\ThreatDetectionEngine.cpp, Line: 494)
    20171004 093136 Debug: Begin CThreatDetectionEngine::Configure (File: .\ThreatDetectionEngine.cpp, Line: 281)
    20171004 093136 Debug: Begin CThreatDetectionEngine::CloneClip (File: .\ThreatDetectionEngine.cpp, Line: 1199)
    20171004 093136 Debug: Begin CTDEFactory::GetFactory (File: .\TDEFactory.cpp, Line: 171)
    20171004 093136 Debug: End CTDEFactory::GetFactory (File: .\TDEFactory.cpp, Line: 204)
    20171004 093136 Debug: End CThreatDetectionEngine::CloneClip (File: .\ThreatDetectionEngine.cpp, Line: 1280)
    20171004 093136 Debug: Begin CThreatDetectionEngine::CreateAndConfigureProcessor (File: .\ThreatDetectionEngine.cpp, Line: 565)
    20171004 093136 Debug: Begin GetClipAttribute (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 144)
    20171004 093136 Debug: Begin GetANode (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 27)
    20171004 093136 Debug: End GetANode (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 64)
    20171004 093136 Debug: Begin GetNodeAttribute (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 74)
    20171004 093136 Debug: End GetNodeAttribute (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 93)
    20171004 093136 Debug: End GetClipAttribute (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 166)
    20171004 093136 Debug: SOCDecomposerFactory (File: .\ThreatDetectionEngine.cpp, Line: 610)
    20171004 093136 Debug: Begin CTDEFactory::GetFactory (File: .\TDEFactory.cpp, Line: 171)
    20171004 093136 Debug: End CSOCDecomposerFactory::ConfigureYourself (File: .\SOCDecomposerFactory.cpp, Line: 95)
    20171004 093136 Debug: Begin CSOCDecomposerFactory::BeginProcessing (File: .\SOCDecomposerFactory.cpp, Line: 110)
    20171004 093136 Debug: The Scannable Object Decomposer is ready to begin processing (File: .\SOCDecomposerFactory.cpp, Line: 117)
    20171004 093136 Debug: End CSOCDecomposerFactory::BeginProcessing (File: .\SOCDecomposerFactory.cpp, Line: 129)
    20171004 093136 Debug: End CTDEFactory::GetFactory (File: .\TDEFactory.cpp, Line: 204)
    20171004 093136 Debug: Begin CSOCDecomposerFactory::CreateProcessor (File: .\SOCDecomposerFactory.cpp, Line: 195)
    20171004 093136 Debug: End CSOCDecomposerFactory::CreateProcessor (File: .\SOCDecomposerFactory.cpp, Line: 251)
    20171004 093136 Debug: End CSOCDecomposer::SetLogSourceFactory (File: .\SOCDecomposer.cpp, Line: 382)
    20171004 093136 Debug: Begin IsClipEmpty (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 102)
    20171004 093136 Debug: End IsClipEmpty (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 134)
    20171004 093136 Debug: Begin CSOCDecomposer::SetConfig (File: .\SOCDecomposer.cpp, Line: 133)
    20171004 093136 Debug: End CSOCDecomposer::SetConfig (File: .\SOCDecomposer.cpp, Line: 153)
    20171004 093136 Debug: End CThreatDetectionEngine::CreateAndConfigureProcessor (File: .\ThreatDetectionEngine.cpp, Line: 687)
    20171004 093136 Debug: Begin CThreatDetectionEngine::GetProcessorData (File: .\ThreatDetectionEngine.cpp, Line: 700)
    20171004 093136 Debug: End CThreatDetectionEngine::GetProcessorData (File: .\ThreatDetectionEngine.cpp, Line: 729)
    20171004 093136 Debug: Begin CThreatDetectionEngine::CreateAndConfigureProcessor (File: .\ThreatDetectionEngine.cpp, Line: 565)
    20171004 093136 Debug: Begin GetClipAttribute (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 144)
    20171004 093136 Debug: Begin GetANode (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 27)
    20171004 093136 Debug: End GetANode (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 64)
    20171004 093136 Debug: Begin GetNodeAttribute (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 74)
    20171004 093136 Debug: End GetNodeAttribute (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 93)
    20171004 093136 Debug: End GetClipAttribute (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 166)
    20171004 093136 Debug: DriverOperationsFactory (File: .\ThreatDetectionEngine.cpp, Line: 610)
    20171004 093136 Debug: Begin CTDEFactory::GetFactory (File: .\TDEFactory.cpp, Line: 171)
    20171004 093136 Debug: Begin IManagedFullImpl<class CDriverFactoryGenerator<class CDriverOperations,103,&struct __s_GUID const _GUID_0ceb72a8_6b76_4ffb_adb4_d9d17c7bd63f>,&struct __s_GUID const _GUID_0ceb72a8_6b76_4ffb_adb4_d9d17c7bd63f,class ATL::CComAutoCriticalSection>::ConfigureYourself (File: c:\build\build\interchecksubsystem\modules\icprocessors\IManagedFullImpl.h, Line: 63)
    20171004 093136 Debug: End IManagedFullImpl<class CDriverFactoryGenerator<class CDriverOperations,103,&struct __s_GUID const _GUID_0ceb72a8_6b76_4ffb_adb4_d9d17c7bd63f>,&struct __s_GUID const _GUID_0ceb72a8_6b76_4ffb_adb4_d9d17c7bd63f,class ATL::CComAutoCriticalSection>::ConfigureYourself (File: c:\build\build\interchecksubsystem\modules\icprocessors\IManagedFullImpl.h, Line: 78)
    20171004 093136 Debug: Begin IManagedFullImpl<class CDriverFactoryGenerator<class CDriverOperations,103,&struct __s_GUID const _GUID_0ceb72a8_6b76_4ffb_adb4_d9d17c7bd63f>,&struct __s_GUID const _GUID_0ceb72a8_6b76_4ffb_adb4_d9d17c7bd63f,class ATL::CComAutoCriticalSection>::BeginProcessing (File: c:\build\build\interchecksubsystem\modules\icprocessors\IManagedFullImpl.h, Line: 98)
    20171004 093136 Debug: End IManagedFullImpl<class CDriverFactoryGenerator<class CDriverOperations,103,&struct __s_GUID const _GUID_0ceb72a8_6b76_4ffb_adb4_d9d17c7bd63f>,&struct __s_GUID const _GUID_0ceb72a8_6b76_4ffb_adb4_d9d17c7bd63f,class ATL::CComAutoCriticalSection>::BeginProcessing (File: c:\build\build\interchecksubsystem\modules\icprocessors\IManagedFullImpl.h, Line: 110)
    20171004 093136 Debug: End CTDEFactory::GetFactory (File: .\TDEFactory.cpp, Line: 204)
    20171004 093136 Debug: Begin IProcessorCreatorImpl<class CDriverFactoryGenerator<class CDriverOperations,103,&struct __s_GUID const _GUID_0ceb72a8_6b76_4ffb_adb4_d9d17c7bd63f>,class CDriverOperations>::CreateProcessor (File: c:\build\build\interchecksubsystem\modules\icprocessors\IProcessorCreatorImpl.h, Line: 57)
    20171004 093136 Debug: End IProcessorCreatorImpl<class CDriverFactoryGenerator<class CDriverOperations,103,&struct __s_GUID const _GUID_0ceb72a8_6b76_4ffb_adb4_d9d17c7bd63f>,class CDriverOperations>::CreateProcessor (File: c:\build\build\interchecksubsystem\modules\icprocessors\IProcessorCreatorImpl.h, Line: 106)
    20171004 093136 Debug: End IProcessorFullImpl<class CDriverProcessorGenerator<struct IControlOperations,102,&struct _GUID const CLSID_DriverOperations>,&struct _GUID const CLSID_DriverOperations,class ATL::CComAutoCriticalSection>::SetLogSourceFactory (File: c:\build\build\interchecksubsystem\modules\icprocessors\IProcessorFullImpl.h, Line: 143)
    20171004 093136 Debug: Begin IsClipEmpty (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 102)
    20171004 093136 Debug: End IsClipEmpty (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 134)
    20171004 093136 Debug: Begin IProcessorFullImpl<class CDriverProcessorGenerator<struct IControlOperations,102,&struct _GUID const CLSID_DriverOperations>,&struct _GUID const CLSID_DriverOperations,class ATL::CComAutoCriticalSection>::SetConfig (File: c:\build\build\interchecksubsystem\modules\icprocessors\IProcessorFullImpl.h, Line: 57)
    20171004 093136 Debug: End IProcessorFullImpl<class CDriverProcessorGenerator<struct IControlOperations,102,&struct _GUID const CLSID_DriverOperations>,&struct _GUID const CLSID_DriverOperations,class ATL::CComAutoCriticalSection>::SetConfig (File: c:\build\build\interchecksubsystem\modules\icprocessors\IProcessorFullImpl.h, Line: 76)
    20171004 093136 Debug: End CThreatDetectionEngine::CreateAndConfigureProcessor (File: .\ThreatDetectionEngine.cpp, Line: 687)
    20171004 093136 Debug: Begin CThreatDetectionEngine::GetProcessorData (File: .\ThreatDetectionEngine.cpp, Line: 700)
    20171004 093136 Debug: End CThreatDetectionEngine::GetProcessorData (File: .\ThreatDetectionEngine.cpp, Line: 729)
    20171004 093136 Debug: Begin CThreatDetectionEngine::CreateAndConfigureProcessor (File: .\ThreatDetectionEngine.cpp, Line: 565)
    20171004 093136 Debug: Begin GetClipAttribute (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 144)
    20171004 093136 Debug: Begin GetANode (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 27)
    20171004 093136 Debug: End GetANode (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 64)
    20171004 093136 Debug: Begin GetNodeAttribute (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 74)
    20171004 093136 Debug: End GetNodeAttribute (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 93)
    20171004 093136 Debug: End GetClipAttribute (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 166)
    20171004 093136 Debug: DriverExtensionsFactory (File: .\ThreatDetectionEngine.cpp, Line: 610)
    20171004 093136 Debug: Begin CTDEFactory::GetFactory (File: .\TDEFactory.cpp, Line: 171)
    20171004 093136 Debug: Begin IManagedFullImpl<class CDriverFactoryGenerator<class CDriverExtensions,105,&struct __s_GUID const _GUID_6f75e68a_ec54_427a_bf3f_936c2c22cfa8>,&struct __s_GUID const _GUID_6f75e68a_ec54_427a_bf3f_936c2c22cfa8,class ATL::CComAutoCriticalSection>::ConfigureYourself (File: c:\build\build\interchecksubsystem\modules\icprocessors\IManagedFullImpl.h, Line: 63)
    20171004 093136 Debug: End IManagedFullImpl<class CDriverFactoryGenerator<class CDriverExtensions,105,&struct __s_GUID const _GUID_6f75e68a_ec54_427a_bf3f_936c2c22cfa8>,&struct __s_GUID const _GUID_6f75e68a_ec54_427a_bf3f_936c2c22cfa8,class ATL::CComAutoCriticalSection>::ConfigureYourself (File: c:\build\build\interchecksubsystem\modules\icprocessors\IManagedFullImpl.h, Line: 78)
    20171004 093136 Debug: Begin IManagedFullImpl<class CDriverFactoryGenerator<class CDriverExtensions,105,&struct __s_GUID const _GUID_6f75e68a_ec54_427a_bf3f_936c2c22cfa8>,&struct __s_GUID const _GUID_6f75e68a_ec54_427a_bf3f_936c2c22cfa8,class ATL::CComAutoCriticalSection>::BeginProcessing (File: c:\build\build\interchecksubsystem\modules\icprocessors\IManagedFullImpl.h, Line: 98)
    20171004 093136 Debug: End IManagedFullImpl<class CDriverFactoryGenerator<class CDriverExtensions,105,&struct __s_GUID const _GUID_6f75e68a_ec54_427a_bf3f_936c2c22cfa8>,&struct __s_GUID const _GUID_6f75e68a_ec54_427a_bf3f_936c2c22cfa8,class ATL::CComAutoCriticalSection>::BeginProcessing (File: c:\build\build\interchecksubsystem\modules\icprocessors\IManagedFullImpl.h, Line: 110)
    20171004 093136 Debug: End CTDEFactory::GetFactory (File: .\TDEFactory.cpp, Line: 204)
    20171004 093136 Debug: Begin IProcessorCreatorImpl<class CDriverFactoryGenerator<class CDriverExtensions,105,&struct __s_GUID const _GUID_6f75e68a_ec54_427a_bf3f_936c2c22cfa8>,class CDriverExtensions>::CreateProcessor (File: c:\build\build\interchecksubsystem\modules\icprocessors\IProcessorCreatorImpl.h, Line: 57)
    20171004 093136 Debug: End IProcessorCreatorImpl<class CDriverFactoryGenerator<class CDriverExtensions,105,&struct __s_GUID const _GUID_6f75e68a_ec54_427a_bf3f_936c2c22cfa8>,class CDriverExtensions>::CreateProcessor (File: c:\build\build\interchecksubsystem\modules\icprocessors\IProcessorCreatorImpl.h, Line: 106)
    20171004 093136 Debug: End IProcessorFullImpl<class CDriverProcessorGenerator<struct IControlList,104,&struct _GUID const CLSID_DriverExtensions>,&struct _GUID const CLSID_DriverExtensions,class ATL::CComAutoCriticalSection>::SetLogSourceFactory (File: c:\build\build\interchecksubsystem\modules\icprocessors\IProcessorFullImpl.h, Line: 143)
    20171004 093136 Debug: Begin IsClipEmpty (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 102)
    20171004 093136 Debug: End IsClipEmpty (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 134)
    20171004 093136 Debug: Begin IProcessorFullImpl<class CDriverProcessorGenerator<struct IControlList,104,&struct _GUID const CLSID_DriverExtensions>,&struct _GUID const CLSID_DriverExtensions,class ATL::CComAutoCriticalSection>::SetConfig (File: c:\build\build\interchecksubsystem\modules\icprocessors\IProcessorFullImpl.h, Line: 57)
    20171004 093136 Debug: End IProcessorFullImpl<class CDriverProcessorGenerator<struct IControlList,104,&struct _GUID const CLSID_DriverExtensions>,&struct _GUID const CLSID_DriverExtensions,class ATL::CComAutoCriticalSection>::SetConfig (File: c:\build\build\interchecksubsystem\modules\icprocessors\IProcessorFullImpl.h, Line: 76)
    20171004 093136 Debug: End CThreatDetectionEngine::CreateAndConfigureProcessor (File: .\ThreatDetectionEngine.cpp, Line: 687)
    20171004 093136 Debug: Begin CThreatDetectionEngine::GetProcessorData (File: .\ThreatDetectionEngine.cpp, Line: 700)
    20171004 093136 Debug: End CThreatDetectionEngine::GetProcessorData (File: .\ThreatDetectionEngine.cpp, Line: 729)
    20171004 093136 Debug: Begin CThreatDetectionEngine::CreateAndConfigureProcessor (File: .\ThreatDetectionEngine.cpp, Line: 565)
    20171004 093136 Debug: Begin GetClipAttribute (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 144)
    20171004 093136 Debug: Begin GetANode (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 27)
    20171004 093136 Debug: End GetANode (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 64)
    20171004 093136 Debug: Begin GetNodeAttribute (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 74)
    20171004 093136 Debug: End GetNodeAttribute (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 93)
    20171004 093136 Debug: End GetClipAttribute (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 166)
    20171004 093136 Debug: FileExclusionsFactory (File: .\ThreatDetectionEngine.cpp, Line: 610)
    20171004 093136 Debug: Begin CTDEFactory::GetFactory (File: .\TDEFactory.cpp, Line: 171)
    20171004 093136 Debug: Begin IManagedFullImpl<class CDriverFactoryGenerator<class CFileExclusions,111,&struct __s_GUID const _GUID_d98db382_c36f_49cb_9927_013b9a4202af>,&struct __s_GUID const _GUID_d98db382_c36f_49cb_9927_013b9a4202af,class ATL::CComAutoCriticalSection>::ConfigureYourself (File: c:\build\build\interchecksubsystem\modules\icprocessors\IManagedFullImpl.h, Line: 63)
    20171004 093136 Debug: End IManagedFullImpl<class CDriverFactoryGenerator<class CFileExclusions,111,&struct __s_GUID const _GUID_d98db382_c36f_49cb_9927_013b9a4202af>,&struct __s_GUID const _GUID_d98db382_c36f_49cb_9927_013b9a4202af,class ATL::CComAutoCriticalSection>::ConfigureYourself (File: c:\build\build\interchecksubsystem\modules\icprocessors\IManagedFullImpl.h, Line: 78)
    20171004 093136 Debug: Begin IManagedFullImpl<class CDriverFactoryGenerator<class CFileExclusions,111,&struct __s_GUID const _GUID_d98db382_c36f_49cb_9927_013b9a4202af>,&struct __s_GUID const _GUID_d98db382_c36f_49cb_9927_013b9a4202af,class ATL::CComAutoCriticalSection>::BeginProcessing (File: c:\build\build\interchecksubsystem\modules\icprocessors\IManagedFullImpl.h, Line: 98)
    20171004 093136 Debug: End IManagedFullImpl<class CDriverFactoryGenerator<class CFileExclusions,111,&struct __s_GUID const _GUID_d98db382_c36f_49cb_9927_013b9a4202af>,&struct __s_GUID const _GUID_d98db382_c36f_49cb_9927_013b9a4202af,class ATL::CComAutoCriticalSection>::BeginProcessing (File: c:\build\build\interchecksubsystem\modules\icprocessors\IManagedFullImpl.h, Line: 110)
    20171004 093136 Debug: End CTDEFactory::GetFactory (File: .\TDEFactory.cpp, Line: 204)
    20171004 093136 Debug: Begin IProcessorCreatorImpl<class CDriverFactoryGenerator<class CFileExclusions,111,&struct __s_GUID const _GUID_d98db382_c36f_49cb_9927_013b9a4202af>,class CFileExclusions>::CreateProcessor (File: c:\build\build\interchecksubsystem\modules\icprocessors\IProcessorCreatorImpl.h, Line: 57)
    20171004 093136 Debug: End IProcessorCreatorImpl<class CDriverFactoryGenerator<class CFileExclusions,111,&struct __s_GUID const _GUID_d98db382_c36f_49cb_9927_013b9a4202af>,class CFileExclusions>::CreateProcessor (File: c:\build\build\interchecksubsystem\modules\icprocessors\IProcessorCreatorImpl.h, Line: 106)
    20171004 093136 Debug: End IProcessorFullImpl<class CDriverProcessorGenerator<struct IControlList,110,&struct _GUID const CLSID_FileExclusions>,&struct _GUID const CLSID_FileExclusions,class ATL::CComAutoCriticalSection>::SetLogSourceFactory (File: c:\build\build\interchecksubsystem\modules\icprocessors\IProcessorFullImpl.h, Line: 143)
    20171004 093136 Debug: Begin IsClipEmpty (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 102)
    20171004 093136 Debug: End IsClipEmpty (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 134)
    20171004 093136 Debug: Begin IProcessorFullImpl<class CDriverProcessorGenerator<struct IControlList,110,&struct _GUID const CLSID_FileExclusions>,&struct _GUID const CLSID_FileExclusions,class ATL::CComAutoCriticalSection>::SetConfig (File: c:\build\build\interchecksubsystem\modules\icprocessors\IProcessorFullImpl.h, Line: 57)
    20171004 093136 Debug: End IProcessorFullImpl<class CDriverProcessorGenerator<struct IControlList,110,&struct _GUID const CLSID_FileExclusions>,&struct _GUID const CLSID_FileExclusions,class ATL::CComAutoCriticalSection>::SetConfig (File: c:\build\build\interchecksubsystem\modules\icprocessors\IProcessorFullImpl.h, Line: 76)
    20171004 093136 Debug: End CThreatDetectionEngine::CreateAndConfigureProcessor (File: .\ThreatDetectionEngine.cpp, Line: 687)
    20171004 093136 Debug: Begin CThreatDetectionEngine::GetProcessorData (File: .\ThreatDetectionEngine.cpp, Line: 700)
    20171004 093136 Debug: End CThreatDetectionEngine::GetProcessorData (File: .\ThreatDetectionEngine.cpp, Line: 729)
    20171004 093136 Debug: Begin CThreatDetectionEngine::CreateAndConfigureProcessor (File: .\ThreatDetectionEngine.cpp, Line: 565)
    20171004 093136 Debug: Begin GetClipAttribute (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 144)
    20171004 093136 Debug: Begin GetANode (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 27)
    20171004 093136 Debug: End GetANode (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 64)
    20171004 093136 Debug: Begin GetNodeAttribute (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 74)
    20171004 093136 Debug: End GetNodeAttribute (File: c:\build\build\threatdetectionsubsystem\modules\threatdetection\ConfigurationHelper.h, Line: 93)

  • In reply to paul foley1:

    It would be interesting to see a working 2003 server log with this level of logging from service startup for reference but I assume the error in red is the problem:

    20171004 093136 Debug: BPAAdapterFactory::GetNewBPAAdapterInstance(): Begin Method (File: .\BPAAdapterFactory.cpp, Line: 12)
    20171004 093136 Debug: BPAAdapterFactory::GetNewBPAAdapterInstance(): Initialise failed for BPA proxy factory(0xa0040210) (File: .\BPAAdapterFactory.cpp, Line: 51)
    20171004 093136 Unable to load main virus data

    The next line following it is the line you see in SAV.txt under regular logging, i.e. "Unable to load main virus data".

    Is:

    20171004 093136 Debug: Begin ConfigureYourself() (File: .\PUAThreatComponentFactory.cpp, Line: 20)

    Really the first line in the log when starting the service?

    Is the error I mention the first one since the start of the service and before the line "Unable to load main virus data"?

    Regards,

    Jak