PLEASE READ Advisory: Kernel memory issue affecting multiple OS (aka F**CKWIT, KAISER, KPTI, Meltdown & Spectre) for the latest updates.
We'd love to hear about it! Click here to go to the product suggestion community
We are now unable to install Office365 / Office 2016 using the Office Deployment Tool. Because we have a bunch of new things from Sophos going on (new firewall, anti-virus int he cloud and the "ultimate" beta) we are struggling to find the source of the problem.
We do know there are issues with the firewall and the download of the software.
We also know that once we get around the download problem the installation is failing both inside and outside the firewall, indicating that it might be an antivirus issue.
The error I can find is "C2R client returned failing error code 17002". Following through Microsoft's troubleshooting, the one thing I haven't done yet is disable anti-virus.
When deploying to enterprises (even small ones like mine) having to disable anti-virus on each one to deploy software is going to be a pain in the butt. ( I posted something about not being able to disable tamper protection for "Spectrum" / "Sophos Ultimate").
Please include ways that administrators can distribute software without massive painful hurdles to cross.
Disabling as many of the possible scans as I could through the Spectrum control panel (whatever the name is) I was able to get Office to install. There were not alerts as to something being blocked that I could find.
How can you know that you must disable anti-virus and other scanners to be able to do something unless there is some information given that tells us?
I agree Daniel, it would be nice to disable Tamper Protection from the Sophos Central and then push out the install right from your desk. Instead we have to sneakernet to the machine, put in the password, and disable it. The Enterprise Console version used to allow this, if I remember correctly, (set via policy)
In reply to JamiePassalacqua:
We don't need to disable tamper protection if we can disable whatever it is that is keeping us from not being able to install Office, We know it is something with endpoint protection, but not what.
We need better information from the endpoint protection / Sophos Central to identify what the source of the problem is.
Today we have faced issue with installation of Office 2016 /Office 365 package downloaded directly from microsoft website.
Here is the error which was generated by Sophos:
Disabling switches from the spectrum control panel didn't resolve issue. We had to stop some services in the windows console. Tried to disable almost all of them, but installation continued after hitmanpro.alert service was stopped.
Here is error from the sophos central panel:
'Lockdown' exploit prevented in Microsoft Office Software Protection Platform Service
In reply to LukaszNaumowicz:
Question for you - are you using a Sophos UTM ?
We will need the following sent to us:-
You can use https://www.wetransfer.com/ for free to send us the file. Suggest you zip them all together and use a password. Please send the details to me via the forum messaging.
In reply to Rincewind:
We use SF-OS.
I had this issue trying to install QuarkXpress, in the end what I had to do was set a zero feature policy, reboot the computer then re-set the policys' security settings and then I was allowed to install. It seemed like Intercept went into an aptly named lockdown state and I wasn't able to install any applications.
Hope that helps!
We are also experiencing install issues of Office 365 with Sophos Intercept installed. We've tried the offline installer and online installer, both result in the same error.
So far the problem is 100% repeatable on multiple computers and does not repeat with it disabled or uninstalled. Only a few of our IT team have installed it for now, so this is just informational.
Here is a screenshot of the error received while installing:
In reply to JoshKneeland:
So far we haven't seen this when testing with the GA code builds. I tried this on one of my lab Win 7 x86 computers and Office365 installed without any issues.
We are expecting the release code to ship this week and I'd be interested in your experience with Office365 installations at that time.
I am seeing that with Sophos Cloud Endpoint Advanced (or whatever the new one is called w/ the blue Sophos icon circle) installed it appears impossible to install Office 365 Business x86 or x64. Doesn't matter if you use ODT or the C2R stream installer. Sometimes it gets through the install and fails at the end, sometimes it just sits forever.
The machine I am having the issue with is a Win 10 Pro 1511 x64.
In reply to gopcllc:
I'm experiencing the same issue with the latest licensed version of Intercept X managed by cloud. Disabling Sophos allows the individual Office applications to install, but I don't see any events that indicate Sophos is actively blocking them.
We are having the exact same issue. We cannot install office C2R through the deployment tool while Intercept is enabled. Disabling it and it work okays. We get no reports in the error log of what is being blocked so I can't setup exceptions. If it at lest told me what is it was blocking I would know what to allow. As it stands this makes doing deployments impossible.
Can you let us know what OS you are using and if you are accessing the internet via a UTM ?
No UTM on my customer, Windows 10 Pro x64 build is 1511. End users are not local admins on the box. Not sure if that matters. No other filtering installed on machine, but they are on a heavily locked down corporate network outside of our control.
Also, I actually don't know if I even have Intercept, I have the new version of Cloud Endpoint Advanced. It was pushed to me on 9/22 I think.
Windows 7 Enterprise 64bit. They are connected via a UTM9.