2017-11-01 12:50:52 ExtractClassicConfig: Action started 2017-11-01 12:50:52 ExtractClassicConfig: Action succeeded 2017-11-01 12:50:52 PreInstallChecks: Action started 2017-11-01 12:50:52 PreInstallChecks: Action succeeded 2017-11-01 12:50:52 SetClassFilterPresentProperty: Action started 2017-11-01 12:50:52 SetClassFilterPresentProperty: Setting class filter present property to: 1 2017-11-01 12:50:52 SetClassFilterPresentProperty: Action succeeded 2017-11-01 12:50:52 SetDriverProperty: Action started 2017-11-01 12:50:52 SetDriverProperty: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2017-11-01 12:50:52 SetDriverProperty: Action succeeded 2017-11-01 12:50:52 SetProcessorProperties: Action started 2017-11-01 12:50:52 SetProcessorProperties: Action succeeded 2017-11-01 12:50:52 SetRestoreExcludedProcessesProperty: Action started 2017-11-01 12:50:52 SetRestoreExcludedProcessesProperty: SetRestoreExcludedProcessesProperty 2017-11-01 12:50:52 SetRestoreExcludedProcessesProperty: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2017-11-01 12:50:52 SetRestoreExcludedProcessesProperty: Action succeeded 2017-11-01 12:50:58 CheckRegForNullDACLs: Action started 2017-11-01 12:50:58 CheckRegForNullDACLs: Action succeeded 2017-11-01 12:50:58 SetUpdateBegin: Action started 2017-11-01 12:50:58 SetUpdateBegin: Action succeeded 2017-11-01 12:50:58 CloseSavMainWindow: Action started 2017-11-01 12:50:58 CloseSavMainWindow: Action succeeded 2017-11-01 12:50:58 DisableServices: Action started 2017-11-01 12:50:59 DisableServices: Action succeeded 2017-11-01 12:51:00 ForceStopSAVService: Action started 2017-11-01 12:51:00 ForceStopSAVService: ForceStopService: Stopping SAVService 2017-11-01 12:51:01 ForceStopSAVService: ForceStopService: Checking if service is still running 2017-11-01 12:51:01 ForceStopSAVService: ForceStopService: Stopping SAVAdminService 2017-11-01 12:51:01 ForceStopSAVService: ForceStopService: Checking if service is still running 2017-11-01 12:51:01 ForceStopSAVService: ForceStopSAVService: Services have been stopped 2017-11-01 12:51:01 ForceStopSAVService: Action succeeded 2017-11-01 12:51:01 WaitForSAVService: Action started 2017-11-01 12:51:01 WaitForSAVService: WaitForSAVService: Walking system processes... 2017-11-01 12:51:01 WaitForSAVService: WaitForSAVService: Finished walking system processes. 2017-11-01 12:51:01 WaitForSAVService: Action succeeded 2017-11-01 12:51:01 CheckUninstallDrivers: Action started 2017-11-01 12:51:01 CheckUninstallDrivers: IsServiceInstalled: Unable to get a handle to requested service SAVOnAccess control. Returning false. 2017-11-01 12:51:01 CheckUninstallDrivers: IsServiceInstalled: Unable to get a handle to requested service SAVOnAccess filter. Returning false. 2017-11-01 12:51:01 CheckUninstallDrivers: Action succeeded 2017-11-01 12:51:01 DeleteIDEs: Action started 2017-11-01 12:51:01 DeleteIDEs: Action succeeded 2017-11-01 12:51:01 DeleteBDLs: Action started 2017-11-01 12:51:01 DeleteBDLs: Action succeeded 2017-11-01 12:51:01 DeleteHIPSConfig: Action started 2017-11-01 12:51:01 DeleteHIPSConfig: Action succeeded 2017-11-01 12:51:01 RemoveFilesOnUpgrade: Action started 2017-11-01 12:51:01 RemoveFilesOnUpgrade: Action succeeded 2017-11-01 12:51:01 UpdateSavAdapterDll: Action started 2017-11-01 12:51:11 UpdateSavAdapterDll: Action succeeded 2017-11-01 12:51:11 UpdateDesktopMessaging: Action started 2017-11-01 12:51:11 UpdateDesktopMessaging: UpdateDesktopMessaging: Could not delete SAVPlugin registry key(2) 2017-11-01 12:51:11 UpdateDesktopMessaging: Action succeeded 2017-11-01 12:51:11 CopyOtherFiles: Action started 2017-11-01 12:51:11 CopyOtherFiles: CopyOtherFiles custom action - Copying other driver files 2017-11-01 12:51:11 CopyOtherFiles: Copying class filter source: C:\ProgramData\Sophos\AutoUpdate\cache\savxp\drivers\sdcfilter\win7_amd64\SDCFILTER.INF, target: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\ 2017-11-01 12:51:11 CopyOtherFiles: Copying boot driver source: C:\ProgramData\Sophos\AutoUpdate\cache\savxp\drivers\boottasks\win7_amd64\SOPHOSBOOTDRIVER.INF, target: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\ 2017-11-01 12:51:11 CopyOtherFiles: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll detoured exists, proceeding to rename it & mark for delete. 2017-11-01 12:51:11 CopyOtherFiles: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2017-11-01 12:51:11 CopyOtherFiles: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll detoured exists, proceeding to rename it & mark for delete. 2017-11-01 12:51:11 CopyOtherFiles: Copying boot tasks source: C:\ProgramData\Sophos\AutoUpdate\cache\savxp\drivers\boottasks\win7_amd64\SophosBootTasks.exe, target: C:\Windows\system32\ 2017-11-01 12:51:11 CopyOtherFiles: Action succeeded 2017-11-01 12:51:11 ForceDeleteUserPlugin: Action started 2017-11-01 12:51:11 ForceDeleteUserPlugin: Error deleting DesktopMessaging registry key. Returned error was: The system cannot find the file specified. 2017-11-01 12:51:11 ForceDeleteUserPlugin: Error deleting user pluging registry key. Returned error was: The system cannot find the file specified. 2017-11-01 12:51:11 ForceDeleteUserPlugin: Action succeeded 2017-11-01 12:51:11 RegisterBufferOverflowProtection: Action started 2017-11-01 12:51:11 RegisterBufferOverflowProtection: BopsUnregister: could not get short path to DLL. It will not be unregistered. 2017-11-01 12:51:11 RegisterBufferOverflowProtection: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\detoured.dll does not exist, no further action. 2017-11-01 12:51:11 RegisterBufferOverflowProtection: BOPS path already exists 2017-11-01 12:51:11 RegisterBufferOverflowProtection: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2017-11-01 12:51:11 RegisterBufferOverflowProtection: BOPS path already exists 2017-11-01 12:51:11 RegisterBufferOverflowProtection: Action succeeded 2017-11-01 12:51:11 RestoreExcludedProcesses: Action started 2017-11-01 12:51:11 RestoreExcludedProcesses: RestoreExcludedProcesses 2017-11-01 12:51:11 RestoreExcludedProcesses: Empty excluded processes property. Nothing to be done. 2017-11-01 12:51:11 RestoreExcludedProcesses: Action succeeded 2017-11-01 12:51:11 StartDriverServices: Action started 2017-11-01 12:51:11 StartDriverServices: IsServiceRunning: Unable to get a handle to requested service skmscan. Returning false. 2017-11-01 12:51:11 StartDriverServices: Unable to get a handle to kms service - service will not be started until next reboot 2017-11-01 12:51:11 StartDriverServices: Mini filter service is running 2017-11-01 12:51:11 StartDriverServices: Action succeeded 2017-11-01 12:51:14 CreateUserGroups: Action started 2017-11-01 12:51:14 CreateUserGroups: Unable to create local SophosUserGroup 2017-11-01 12:51:14 CreateUserGroups: Unable to create local SophosPowerGroup 2017-11-01 12:51:14 CreateUserGroups: Unable to create local SophosAdminGroup 2017-11-01 12:51:14 CreateUserGroups: Unable to create local OnAccessGroup 2017-11-01 12:51:15 CreateUserGroups: Local name of well-known group Administrators is Administrators 2017-11-01 12:51:15 CreateUserGroups: Local name of well-known group PowerUsers is Power Users 2017-11-01 12:51:15 CreateUserGroups: Local name of well-known group Users is Users 2017-11-01 12:51:15 CreateUserGroups: SophosUser already exists - skipped adding members 2017-11-01 12:51:15 CreateUserGroups: SophosPowerUser already exists - skipped adding members 2017-11-01 12:51:15 CreateUserGroups: SophosAdministrator already exists - skipped adding members 2017-11-01 12:51:15 CreateUserGroups: Adding LOCAL SYSTEM to the SophosAdministrator role in the machine file 2017-11-01 12:51:15 CreateUserGroups: No need to restart Sophos Agent service 2017-11-01 12:51:15 CreateUserGroups: Action succeeded 2017-11-01 12:51:15 PurgeIOfficeAVCache: Action started 2017-11-01 12:51:15 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2017-11-01 12:51:15 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2017-11-01 12:51:15 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2017-11-01 12:51:15 PurgeIOfficeAVCache: Opened key name S-1-5-21-1645522239-287218729-682003330-465432\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49} 2017-11-01 12:51:15 PurgeIOfficeAVCache: Unable to remove Enum sub key: 0x2 2017-11-01 12:51:15 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2017-11-01 12:51:15 PurgeIOfficeAVCache: Opened key name S-1-5-21-1645522239-287218729-682003330-465432\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{56FFCC30-D398-11D0-B2AE-00A0C908FA49} 2017-11-01 12:51:15 PurgeIOfficeAVCache: Unable to remove Enum sub key: 0x2 2017-11-01 12:51:15 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2017-11-01 12:51:15 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2017-11-01 12:51:15 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2017-11-01 12:51:15 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2017-11-01 12:51:15 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2017-11-01 12:51:15 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2017-11-01 12:51:15 PurgeIOfficeAVCache: Action succeeded 2017-11-01 12:51:15 EnableAttachmentScanning: Action started 2017-11-01 12:51:15 EnableAttachmentScanning: ScanWithAntiVirus value is already set to 3 2017-11-01 12:51:15 EnableAttachmentScanning: Action succeeded 2017-11-01 12:51:15 AddDomainGroups: Action started 2017-11-01 12:51:15 AddDomainGroups: Found SophosDomainUser group 2017-11-01 12:51:15 AddDomainGroups: Found SophosDomainPowerUser group 2017-11-01 12:51:15 AddDomainGroups: Found SophosDomainAdministrator group 2017-11-01 12:51:15 AddDomainGroups: Added SophosDomainAdministrator group to SophosAdministrator group 2017-11-01 12:51:15 AddDomainGroups: Added SophosDomainPowerUser group to SophosPowerUser group 2017-11-01 12:51:15 AddDomainGroups: Added SophosDomainUser group to SophosUser group 2017-11-01 12:51:15 AddDomainGroups: Action succeeded 2017-11-01 12:51:17 UpdateSAVI: Action started 2017-11-01 12:51:18 UpdateSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate 2017-11-01 12:51:18 UpdateSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__ 2017-11-01 12:51:18 UpdateSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate 2017-11-01 12:51:18 UpdateSAVI: UpdateRequest signalled 2017-11-01 12:51:18 UpdateSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended 2017-11-01 12:51:18 UpdateSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__ 2017-11-01 12:51:18 UpdateSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended 2017-11-01 12:51:18 UpdateSAVI: MSCM version orig: 0.3.0.90 new: 0.3.0.90 2017-11-01 12:51:19 UpdateSAVI: SAVI dll was installed successfully 2017-11-01 12:51:19 UpdateSAVI: Action succeeded 2017-11-01 12:51:19 SetFolderPermissions: Action started 2017-11-01 12:51:19 SetFolderPermissions: We are running on XP or higher - adding LocalService to permissions on config files 2017-11-01 12:51:19 SetFolderPermissions: We are running on XP or higher - adding LocalService to permissions on config files 2017-11-01 12:51:19 SetFolderPermissions: Action succeeded 2017-11-01 12:51:24 CreateTamperProtectionRegKey: Action started 2017-11-01 12:51:24 CreateTamperProtectionRegKey: Action succeeded 2017-11-01 12:51:24 SetServiceXP: Action started 2017-11-01 12:51:24 SetServiceXP: Action succeeded 2017-11-01 12:51:24 SetSAVServiceSID: Action started 2017-11-01 12:51:24 SetSAVServiceSID: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2017-11-01 12:51:24 SetSAVServiceSID: Action succeeded 2017-11-01 12:51:24 SetServiceSecurity: Action started 2017-11-01 12:51:25 SetServiceSecurity: Adding SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP to SavService launch permissions 2017-11-01 12:51:25 SetServiceSecurity: Adding SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP to SavService launch permissions 2017-11-01 12:51:25 SetServiceSecurity: Action succeeded 2017-11-01 12:51:25 SetServiceRecoveryActions: Action started 2017-11-01 12:51:26 SetServiceRecoveryActions: Action succeeded 2017-11-01 12:51:26 InstallDeviceControl: Action started 2017-11-01 12:51:26 InstallDeviceControl: InstallDeviceControlInstallDeviceControl: Failed to copy sdcservice (0x80070020) 2017-11-01 12:51:26 InstallDeviceControl: Action succeeded 2017-11-01 12:51:26 RemoveTamperProtectionRegKey: Action started 2017-11-01 12:51:26 RemoveTamperProtectionRegKey: Action succeeded 2017-11-01 12:51:35 UpdateDesktopMessaging: Action started 2017-11-01 12:51:35 UpdateDesktopMessaging: UpdateDesktopMessaging: Could not delete SAVPlugin registry key(2) 2017-11-01 12:51:35 UpdateDesktopMessaging: Action succeeded 2017-11-01 12:51:35 RollbackUpdateSavAdapterDll: Action started 2017-11-01 12:51:35 RollbackUpdateSavAdapterDll: Action succeeded 2017-11-01 12:51:40 RollbackDisableServices: Action started 2017-11-01 12:51:40 RollbackDisableServices: Action succeeded 2017-11-01 12:51:40 RunErrorScripts: Action started 2017-11-01 12:51:40 RunErrorScripts: Action succeeded 2017-11-01 12:51:40 RestoreMovedFiles: Action started 2017-11-01 12:51:40 RestoreMovedFiles: Action succeeded 2017-11-01 12:51:40 SetUpdateFailed: Action started 2017-11-01 12:51:47 SetUpdateFailed: Action succeeded