2017-07-05 11:04:17 ExtractClassicConfig: Action started
2017-07-05 11:04:17 ExtractClassicConfig: Action succeeded
2017-07-05 11:04:17 PreInstallChecks: Action started
2017-07-05 11:04:17 PreInstallChecks: Action succeeded
2017-07-05 11:04:17 SetBootDriverStartupProperty: Action started
2017-07-05 11:04:17 SetBootDriverStartupProperty: Boot driver: not installed.
2017-07-05 11:04:17 SetBootDriverStartupProperty: Action succeeded
2017-07-05 11:04:17 SetClassFilterPresentProperty: Action started
2017-07-05 11:04:17 SetClassFilterPresentProperty: Setting class filter present property to: 0
2017-07-05 11:04:17 SetClassFilterPresentProperty: Action succeeded
2017-07-05 11:04:17 SetDriverProperty: Action started
2017-07-05 11:04:17 SetDriverProperty: PROCESSOR_ARCHITECTURE environment variable is: AMD64
2017-07-05 11:04:17 SetDriverProperty: Action succeeded
2017-07-05 11:04:17 SetProcessorProperties: Action started
2017-07-05 11:04:17 SetProcessorProperties: Action succeeded
2017-07-05 11:04:17 SetRestoreExcludedProcessesProperty: Action started
2017-07-05 11:04:17 SetRestoreExcludedProcessesProperty: SetRestoreExcludedProcessesProperty
2017-07-05 11:04:17 SetRestoreExcludedProcessesProperty: PROCESSOR_ARCHITECTURE environment variable is: AMD64
2017-07-05 11:04:17 SetRestoreExcludedProcessesProperty: Action succeeded
2017-07-05 11:04:23 CheckRegForNullDACLs: Action started
2017-07-05 11:04:23 CheckRegForNullDACLs: Action succeeded
2017-07-05 11:04:24 WaitForSAVService: Action started
2017-07-05 11:04:24 WaitForSAVService: WaitForSAVService: Walking system processes...
2017-07-05 11:04:24 WaitForSAVService: WaitForSAVService: Finished walking system processes.
2017-07-05 11:04:24 WaitForSAVService: Action succeeded
2017-07-05 11:04:24 CheckUninstallDrivers: Action started
2017-07-05 11:04:24 CheckUninstallDrivers: IsServiceInstalled: Unable to get a handle to requested service SAVOnAccess control. Returning false.
2017-07-05 11:04:24 CheckUninstallDrivers: IsServiceInstalled: Unable to get a handle to requested service SAVOnAccess filter. Returning false.
2017-07-05 11:04:24 CheckUninstallDrivers: Action succeeded
2017-07-05 11:04:24 DeleteIDEs: Action started
2017-07-05 11:04:24 DeleteIDEs: Action succeeded
2017-07-05 11:04:24 DeleteBDLs: Action started
2017-07-05 11:04:24 DeleteBDLs: Action succeeded
2017-07-05 11:04:24 DeleteHIPSConfig: Action started
2017-07-05 11:04:24 DeleteHIPSConfig: Action succeeded
2017-07-05 11:04:24 UpdateSavAdapterDll: Action started
2017-07-05 11:04:34 UpdateSavAdapterDll: Action succeeded
2017-07-05 11:04:34 UpdateDesktopMessaging: Action started
2017-07-05 11:04:34 UpdateDesktopMessaging: UpdateDesktopMessaging: Could not delete SAVPlugin registry key(2)
2017-07-05 11:04:34 UpdateDesktopMessaging: Action succeeded
2017-07-05 11:04:34 CopyOtherFiles: Action started
2017-07-05 11:04:34 CopyOtherFiles: CopyOtherFiles custom action - Copying other driver files
2017-07-05 11:04:34 CopyOtherFiles: Copying class filter source: C:\ProgramData\Sophos\AutoUpdate\cache\savxp\drivers\sdcfilter\win7_amd64\SDCFILTER.INF, target: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\
2017-07-05 11:04:34 CopyOtherFiles: Copying boot driver source: C:\ProgramData\Sophos\AutoUpdate\cache\savxp\drivers\boottasks\win7_amd64\SOPHOSBOOTDRIVER.INF, target: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\
2017-07-05 11:04:34 CopyOtherFiles: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll detoured exists, proceeding to rename it & mark for delete.
2017-07-05 11:04:34 CopyOtherFiles: PROCESSOR_ARCHITECTURE environment variable is: AMD64
2017-07-05 11:04:34 CopyOtherFiles: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll detoured exists, proceeding to rename it & mark for delete.
2017-07-05 11:04:34 CopyOtherFiles: Copying boot tasks source: C:\ProgramData\Sophos\AutoUpdate\cache\savxp\drivers\boottasks\win7_amd64\SophosBootTasks.exe, target: C:\Windows\system32\
2017-07-05 11:04:34 CopyOtherFiles: Action succeeded
2017-07-05 11:04:34 RegisterBufferOverflowProtection: Action started
2017-07-05 11:04:34 RegisterBufferOverflowProtection: BopsUnregister: could not get short path to DLL. It will not be unregistered.
2017-07-05 11:04:34 RegisterBufferOverflowProtection: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\detoured.dll does not exist, no further action.
2017-07-05 11:04:34 RegisterBufferOverflowProtection: BOPS path already exists
2017-07-05 11:04:34 RegisterBufferOverflowProtection: PROCESSOR_ARCHITECTURE environment variable is: AMD64
2017-07-05 11:04:34 RegisterBufferOverflowProtection: BOPS path already exists
2017-07-05 11:04:34 RegisterBufferOverflowProtection: Action succeeded
2017-07-05 11:04:34 RestoreExcludedProcesses: Action started
2017-07-05 11:04:34 RestoreExcludedProcesses: RestoreExcludedProcesses
2017-07-05 11:04:34 RestoreExcludedProcesses: Empty excluded processes property. Nothing to be done.
2017-07-05 11:04:34 RestoreExcludedProcesses: Action succeeded
2017-07-05 11:04:34 StartDriverServices: Action started
2017-07-05 11:04:34 StartDriverServices: IsServiceRunning: Unable to get a handle to requested service skmscan. Returning false.
2017-07-05 11:04:34 StartDriverServices: Unable to get a handle to kms service - service will not be started until next reboot
2017-07-05 11:04:34 StartDriverServices: Action succeeded
2017-07-05 11:04:35 CreateUserGroups: Action started
2017-07-05 11:04:36 CreateUserGroups: Local name of well-known group Administrators is Administrators
2017-07-05 11:04:36 CreateUserGroups: Local name of well-known group PowerUsers is Power Users
2017-07-05 11:04:36 CreateUserGroups: Local name of well-known group Users is Users
2017-07-05 11:04:36 CreateUserGroups: Failed to add the members of group PowerUsers to SophosPowerUser group
2017-07-05 11:04:36 CreateUserGroups: Adding LOCAL SYSTEM to the SophosAdministrator role in the machine file
2017-07-05 11:04:39 CreateUserGroups: Action succeeded
2017-07-05 11:04:39 PurgeIOfficeAVCache: Action started
2017-07-05 11:04:39 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64
2017-07-05 11:04:39 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64
2017-07-05 11:04:39 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64
2017-07-05 11:04:39 PurgeIOfficeAVCache: Opened key name S-1-5-21-785017407-1344295933-1538882281-3884\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
2017-07-05 11:04:39 PurgeIOfficeAVCache: Unable to remove Enum sub key: 0x2
2017-07-05 11:04:39 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64
2017-07-05 11:04:39 PurgeIOfficeAVCache: Opened key name S-1-5-21-785017407-1344295933-1538882281-3884\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
2017-07-05 11:04:39 PurgeIOfficeAVCache: Unable to remove Enum sub key: 0x2
2017-07-05 11:04:39 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64
2017-07-05 11:04:39 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64
2017-07-05 11:04:39 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64
2017-07-05 11:04:39 PurgeIOfficeAVCache: Opened key name S-1-5-21-785017407-1344295933-1538882281-6932\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
2017-07-05 11:04:39 PurgeIOfficeAVCache: Unable to remove Enum sub key: 0x2
2017-07-05 11:04:39 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64
2017-07-05 11:04:39 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64
2017-07-05 11:04:39 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64
2017-07-05 11:04:39 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64
2017-07-05 11:04:39 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64
2017-07-05 11:04:39 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64
2017-07-05 11:04:39 PurgeIOfficeAVCache: Action succeeded
2017-07-05 11:04:39 EnableAttachmentScanning: Action started
2017-07-05 11:04:39 EnableAttachmentScanning: ScanWithAntiVirus value is already set to 3
2017-07-05 11:04:39 EnableAttachmentScanning: Action succeeded
2017-07-05 11:04:39 AddDomainGroups: Action started
2017-07-05 11:04:39 AddDomainGroups: Found SophosDomainUser group
2017-07-05 11:04:39 AddDomainGroups: Found SophosDomainPowerUser group
2017-07-05 11:04:39 AddDomainGroups: Found SophosDomainAdministrator group
2017-07-05 11:04:39 AddDomainGroups: Added SophosDomainAdministrator group to SophosAdministrator group
2017-07-05 11:04:39 AddDomainGroups: Added SophosDomainPowerUser group to SophosPowerUser group
2017-07-05 11:04:39 AddDomainGroups: Added SophosDomainUser group to SophosUser group
2017-07-05 11:04:39 AddDomainGroups: Action succeeded
2017-07-05 11:04:46 SetSAVAdminUpdateBegin: Action started
2017-07-05 11:04:46 SetSAVAdminUpdateBegin: Action succeeded
2017-07-05 11:04:46 UpdateSAVI: Action started
2017-07-05 11:04:46 UpdateSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate
2017-07-05 11:04:46 UpdateSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__
2017-07-05 11:04:46 UpdateSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate
2017-07-05 11:04:46 UpdateSAVI: UpdateRequest signalled
2017-07-05 11:04:46 UpdateSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended
2017-07-05 11:04:46 UpdateSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__
2017-07-05 11:04:46 UpdateSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended
2017-07-05 11:04:46 UpdateSAVI: MSCM version orig: new: 0.3.0.90
2017-07-05 11:04:46 UpdateSAVI: Copying MSCM from: C:\ProgramData\Sophos\AutoUpdate\cache\savxp\savmscm.dll to: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\savmscm.dll
2017-07-05 11:04:46 UpdateSAVI: Registered MSCM
2017-07-05 11:04:47 UpdateSAVI: SAVI dll was installed successfully
2017-07-05 11:04:47 UpdateSAVI: Action succeeded
2017-07-05 11:04:48 SetFolderPermissions: Action started
2017-07-05 11:04:48 SetFolderPermissions: We are running on XP or higher - adding LocalService to permissions on config files
2017-07-05 11:04:48 SetFolderPermissions: We are running on XP or higher - adding LocalService to permissions on config files
2017-07-05 11:04:48 SetFolderPermissions: Action succeeded
2017-07-05 11:04:52 CreateTamperProtectionRegKey: Action started
2017-07-05 11:04:52 CreateTamperProtectionRegKey: Action succeeded
2017-07-05 11:04:53 SetServiceXP: Action started
2017-07-05 11:04:53 SetServiceXP: Action succeeded
2017-07-05 11:04:53 SetSAVServiceSID: Action started
2017-07-05 11:04:53 SetSAVServiceSID: PROCESSOR_ARCHITECTURE environment variable is: AMD64
2017-07-05 11:04:53 SetSAVServiceSID: Action succeeded
2017-07-05 11:04:53 SetServiceSecurity: Action started
2017-07-05 11:04:53 SetServiceSecurity: Adding SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP to SavService launch permissions
2017-07-05 11:04:53 SetServiceSecurity: Adding SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP to SavService launch permissions
2017-07-05 11:04:53 SetServiceSecurity: Action succeeded
2017-07-05 11:04:53 SetServiceRecoveryActions: Action started
2017-07-05 11:04:53 SetServiceRecoveryActions: Action succeeded
2017-07-05 11:04:53 InstallDeviceControl: Action started
2017-07-05 11:04:53 InstallDeviceControl: PROCESSOR_ARCHITECTURE environment variable is: AMD64
2017-07-05 11:04:53 InstallDeviceControl: Action succeeded
2017-07-05 11:04:53 SetAdminGroupDescription: Action started
2017-07-05 11:04:53 SetAdminGroupDescription: Action succeeded
2017-07-05 11:04:53 SetPowerGroupDescription: Action started
2017-07-05 11:04:53 SetPowerGroupDescription: Action succeeded
2017-07-05 11:04:53 SetUserGroupDescription: Action started
2017-07-05 11:04:53 SetUserGroupDescription: Action succeeded
2017-07-05 11:04:53 SetOnAccessGroupDescription: Action started
2017-07-05 11:04:54 SetOnAccessGroupDescription: Action succeeded
2017-07-05 11:04:54 DisablePUADetection: Action started
2017-07-05 11:04:54 DisablePUADetection: Action succeeded
2017-07-05 11:04:54 DeleteExpiredCaches: Action started
2017-07-05 11:04:54 DeleteExpiredCaches: Action succeeded
2017-07-05 11:04:54 EnableJournals: Action started
2017-07-05 11:04:54 EnableJournals: Checking journal for active volumes.
2017-07-05 11:04:54 EnableJournals: Journaling already enabled for on \\?\Volume{f2978144-5cb8-11e3-a09d-806e6f6e6963}\
2017-07-05 11:04:54 EnableJournals: Journaling already enabled for on \\?\Volume{f2978146-5cb8-11e3-a09d-806e6f6e6963}\
2017-07-05 11:04:54 EnableJournals: Action succeeded
2017-07-05 11:04:54 DisableWebProtection: Action started
2017-07-05 11:04:54 DisableWebProtection: DisableWebProtection: OK
2017-07-05 11:04:54 DisableWebProtection: Action succeeded
2017-07-05 11:04:54 DisableSxlLookups: Action started
2017-07-05 11:04:54 DisableSxlLookups: DisableSxlLookups: OK
2017-07-05 11:04:54 DisableSxlLookups: Action succeeded
2017-07-05 11:04:54 CheckSNMPDLLPresence: Action started
2017-07-05 11:04:54 CheckSNMPDLLPresence: Action succeeded
2017-07-05 11:04:54 UpdateSXLServerList: Action started
2017-07-05 11:04:54 UpdateSXLServerList: LoadSophtainerData: GetSophtainerSection(C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SXLConfig.dat) returned 0. (180 bytes returned)
2017-07-05 11:04:54 UpdateSXLServerList: ExtractSXLServerConf: 0, 4, 4
2017-07-05 11:04:54 UpdateSXLServerList: Action succeeded
2017-07-05 11:04:54 GenerateSavMachineId: Action started
2017-07-05 11:04:54 GenerateSavMachineId: Sav machine id = EB887FE9-7F7E-46F8-8BC9-FEFDA3625B1B
2017-07-05 11:04:54 GenerateSavMachineId: Action succeeded
2017-07-05 11:04:54 SetSAVAdminUpdateComplete: Action started
2017-07-05 11:04:54 SetSAVAdminUpdateComplete: Action succeeded
2017-07-05 11:04:54 RunPreLaunchScripts: Action started
2017-07-05 11:04:54 RunPreLaunchScripts: RunPreLaunchScripts: No entries.
2017-07-05 11:04:54 RunPreLaunchScripts: Action succeeded
2017-07-05 11:04:55 BootDriverStartup: Action started
2017-07-05 11:04:55 BootDriverStartup: Boot driver restored: disabled
2017-07-05 11:04:55 BootDriverStartup: Action succeeded
2017-07-05 11:04:55 UninstallSecurityCenter: Action started
2017-07-05 11:04:55 UninstallSecurityCenter: Error returned from CAntiVirusProvider::Uninstall() was: -2147467259
2017-07-05 11:04:55 UninstallSecurityCenter: Error returned from CAntiSpywareProvider::Uninstall() was: -2147467259
2017-07-05 11:04:55 UninstallSecurityCenter: Action succeeded
2017-07-05 11:04:55 RollbackInstallDeviceControl: Action started
2017-07-05 11:04:55 RollbackInstallDeviceControl: Action succeeded
2017-07-05 11:04:56 RemoveTamperProtectionRegKey: Action started
2017-07-05 11:04:56 RemoveTamperProtectionRegKey: Action succeeded
2017-07-05 11:04:56 RemoveSAVI: Action started
2017-07-05 11:04:56 RemoveSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate
2017-07-05 11:04:56 RemoveSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__
2017-07-05 11:04:56 RemoveSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate
2017-07-05 11:04:56 RemoveSAVI: UpdateRequest signalled
2017-07-05 11:04:56 RemoveSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended
2017-07-05 11:04:56 RemoveSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__
2017-07-05 11:04:56 RemoveSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended
2017-07-05 11:04:56 RemoveSAVI: Action succeeded
2017-07-05 11:05:02 DeleteUserGroups: Action started
2017-07-05 11:05:02 DeleteUserGroups: We are not a domain controller: Attempting to delete local user groups
2017-07-05 11:05:02 DeleteUserGroups: Action succeeded
2017-07-05 11:05:02 UpdateDesktopMessaging: Action started
2017-07-05 11:05:02 UpdateDesktopMessaging: UpdateDesktopMessaging: Could not delete SAVPlugin registry key(2)
2017-07-05 11:05:02 UpdateDesktopMessaging: Action succeeded
2017-07-05 11:05:02 RollbackUpdateSavAdapterDll: Action started
2017-07-05 11:05:02 RollbackUpdateSavAdapterDll: Action succeeded
2017-07-05 11:05:02 DeleteOtherFiles: Action started
2017-07-05 11:05:03 DeleteOtherFiles: Unable to get list of engine files from C:\Program Files (x86)\Sophos\Sophos Anti-Virus\engsync.upd
2017-07-05 11:05:03 DeleteOtherFiles: Unregistered MSCM
2017-07-05 11:05:03 Error deleting file: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll.stf00 with error: Access is denied.
2017-07-05 11:05:03 Error deleting file: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll.stf01 with error: Access is denied.
2017-07-05 11:05:03 Error deleting file: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll.stf08 with error: Access is denied.
2017-07-05 11:05:03 Error deleting file: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll.stf00 with error: Access is denied.
2017-07-05 11:05:03 Error deleting file: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll.stf08 with error: Access is denied.
2017-07-05 11:05:03 DeleteOtherFiles: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll detoured exists, proceeding to rename it & mark for delete.
2017-07-05 11:05:03 DeleteOtherFiles: PROCESSOR_ARCHITECTURE environment variable is: AMD64
2017-07-05 11:05:03 DeleteOtherFiles: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll detoured exists, proceeding to rename it & mark for delete.
2017-07-05 11:05:03 DeleteOtherFiles: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\detoured.dll does not exist, no further action.
2017-07-05 11:05:03 DeleteOtherFiles: Deleting config file folder
2017-07-05 11:05:03 DeleteOtherFiles: Failed to delete config folder, 2
2017-07-05 11:05:03 Error deleting file: C:\ProgramData\Sophos\Sophos Anti-Virus\\Infected\Low with error: Access is denied.
2017-07-05 11:05:03 DeleteOtherFiles: Action succeeded
2017-07-05 11:05:03 ForceDeleteUserPlugin: Action started
2017-07-05 11:05:03 ForceDeleteUserPlugin: Error deleting DesktopMessaging registry key. Returned error was: The system cannot find the file specified.
2017-07-05 11:05:03 ForceDeleteUserPlugin: Error deleting user pluging registry key. Returned error was: The system cannot find the file specified.
2017-07-05 11:05:03 ForceDeleteUserPlugin: Action succeeded
2017-07-05 11:05:03 ForceDeleteFiles: Action started
2017-07-05 11:05:03 ForceDeleteFiles: Action succeeded
2017-07-05 11:05:03 RunErrorScripts: Action started
2017-07-05 11:05:03 RunErrorScripts: Action succeeded
2017-07-05 11:05:03 RestoreMovedFiles: Action started
2017-07-05 11:05:03 RestoreMovedFiles: Action succeeded
2017-07-05 11:05:03 SetUpdateFailed: Action started
2017-07-05 11:05:03 SetUpdateFailed: Unable to create an instance of ComponentManager - SystemInformation cannot be informed of end of update
2017-07-05 11:05:03 SetUpdateFailed: Action succeeded