Sophos Tester not installing Win.10 v1803

Howdy, please advise on how to install the Sophos Tester v3.2.0.12 onto a W10 x64 system for testing. Error message: Install failed. Then the next error: HERE:show usage.
Note that we have checked and there are no tester DLL files in the c:\windows\system32 dir. Also note that running the install in a Sandboxie space allows the tool to install/run but not execute any test, due to it not interacting with various apps such as Chrome, Adobe, etc.

Regards

MaxB

  • You aren't the only one experiencing this issue. I'm having it on some of most of my 64-bit OSes.

  • Does anyone have a suggestion on this issue? Perhaps a good question is why the tool needs installation and can't run as a 'portable application'?

  • Hi MX@DTG,

    Can you try installing with the version of SophosTester from here? If you still see it failing, can you provide me the SophosTest-install.log from the user temp folder?

  • In reply to Gowtham Mani:

    Hi Gowtham Mani, I tried to install the file (SophosTesterv3212) after downloading it; same issue as before.

    Please note that if I run the installer in Sandboxie then it executes, but when executing the different exploits it fails to load the driver.

    Regards

    MX@DTG

  • In reply to MX@DTG:

    Hi,

    Did you find any SophosTest-install.log in the user temp folder?

  • In reply to Gowtham Mani:

    Hi Gowtham, 

    Yes found the SophosTest-install.log in the %Temp% folder 

    (attached)

    Log ends with:

    SophosTester-install.log
    2018-07-26T09:50:35.266  --- Install started ---
    2018-07-26T09:50:35.268  InstallFolder: error 5; CreateDirectory("C:\Program Files (x86)\Sophos")
    2018-07-26T09:50:35.269  --- Uninstall started ---
    2018-07-26T09:50:35.271  UninstallDriver: "tester" does not exist
    2018-07-26T09:50:35.272  UninstallFile: "C:\WINDOWS\SysWOW64\tester86.dll" not found
    2018-07-26T09:50:35.273  UninstallFile: "C:\WINDOWS\system32\tester64.dll" not found
    2018-07-26T09:50:35.274  UninstallFile: "C:\WINDOWS\system32\drivers\tester64.sys" not found
    2018-07-26T09:50:35.275  DeleteUninstallInfo: error 2; RegCreateKey("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", "Sophos Tester")
    2018-07-26T09:50:35.276  UninstallFile: error 3; DeleteFile("C:\Program Files (x86)\Sophos\Sophos Tester\helper.exe")
    2018-07-26T09:50:35.277  UninstallFile: error 3; DeleteFile("C:\Program Files (x86)\Sophos\Sophos Tester\SophosTester.exe")
    2018-07-26T09:50:35.277  UninstallFolder: error 2; RemoveDirectory("C:\Program Files (x86)\Sophos\Sophos Tester")
    2018-07-26T09:50:35.278  UninstallFolder: error 5; RemoveDirectory("C:\Program Files (x86)\Sophos")
    2018-07-26T09:50:35.279  --- Uninstall finished (success) --- 
    2018-07-26T09:50:35.280  --- Install finished (failed) --- 
    


  • In reply to MX@DTG:

    Hi MX@DTG,

    From the log:

    2018-07-26T09:50:35.268  InstallFolder: error 5; CreateDirectory("C:\Program Files (x86)\Sophos")  - I believe it could be a permission issue.

    Can you try creating the directory "C:\Program Files (x86)\Sophos", assign the permissions, and then retry the installation?

  • In reply to Gowtham Mani:

    The dir: 'C:\Program Files (x86)\Sophos' already exists, as I am using the Sophos Central Endpoint with Intercept X.

    To me it's quite risky to change permissions on the Sophos programs folder.

    Should I create a subfolder and assign permission to that?

    Regards

  • In reply to MX@DTG:

    Hi MX@DTG,

    If the directory: 'C:\Program Files (x86)\Sophos' already exists, then setting the permission would be the next thing I would suggest. Can you try installing it on some other test machine with the required permission and let us know if that works?

  • Do you have Sophos Central on the affected machine?

    If yes, disable Tamper Protection.

  • As others have said, you will need to DISABLE TAMPER PROTECTION to install SophosTester.

    It can be turned back on once installed.

  • In reply to AzRoN:

    Thanks AzRoN, this resolved the issue.

    Geeked
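
The log triage done by eye in the replies above, written out as an added example (not part of the thread and not Sophos code). It assumes the number after `error` is a Win32 `GetLastError` code, and treats the first error logged in the install phase as the root cause and the later uninstall-phase errors as rollback noise; the sample lines are copied from the log posted in the thread.

```python
import re

# Assumption: the number after "error" is a Win32 GetLastError() code.
WIN32 = {2: "ERROR_FILE_NOT_FOUND", 3: "ERROR_PATH_NOT_FOUND",
         5: "ERROR_ACCESS_DENIED"}

PHASE = re.compile(r"^\S+\s+--- (Install|Uninstall) started ---")
ERROR = re.compile(r"^\S+\s+(?P<step>\w+): error (?P<code>\d+); "
                   r"(?P<api>\w+)\((?P<target>.*)\)\s*$")

# Error-bearing lines copied from the log posted in the thread.
SAMPLE = r'''
2018-07-26T09:50:35.266  --- Install started ---
2018-07-26T09:50:35.268  InstallFolder: error 5; CreateDirectory("C:\Program Files (x86)\Sophos")
2018-07-26T09:50:35.269  --- Uninstall started ---
2018-07-26T09:50:35.275  DeleteUninstallInfo: error 2; RegCreateKey("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", "Sophos Tester")
2018-07-26T09:50:35.276  UninstallFile: error 3; DeleteFile("C:\Program Files (x86)\Sophos\Sophos Tester\helper.exe")
2018-07-26T09:50:35.278  UninstallFolder: error 5; RemoveDirectory("C:\Program Files (x86)\Sophos")
2018-07-26T09:50:35.280  --- Install finished (failed) ---
'''

def parse(log_text):
    """Return one dict per 'error N' line, tagged with the phase it occurred in."""
    phase, findings = None, []
    for line in map(str.strip, log_text.splitlines()):
        started = PHASE.match(line)
        if started:
            phase = started.group(1).lower()
            continue
        m = ERROR.match(line)
        if m:
            code = int(m.group("code"))
            findings.append({"phase": phase, "step": m.group("step"),
                             "api": m.group("api"), "code": code,
                             "name": WIN32.get(code, "UNKNOWN"),
                             "target": m.group("target")})
    return findings

def root_cause(findings):
    """First error in the install phase; later ones come from the rollback."""
    return next((f for f in findings if f["phase"] == "install"), None)

def denied_paths(findings):
    """Targets that failed with access denied, in order, without duplicates."""
    return list(dict.fromkeys(f["target"] for f in findings if f["code"] == 5))

if __name__ == "__main__":
    cause = root_cause(parse(SAMPLE))
    print(f'{cause["step"]}: {cause["api"]} -> {cause["name"]} on {cause["target"]}')
```

On the thread's log this reports `InstallFolder` failing with `ERROR_ACCESS_DENIED` on the existing Sophos folder, which fits the resolution reached in the replies: Tamper Protection had to be disabled before the installer could write there.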