2018-01-22 14:05:39 ExtractClassicConfig: Action started 2018-01-22 14:05:39 ExtractClassicConfig: Action succeeded 2018-01-22 14:05:39 PreInstallChecks: Action started 2018-01-22 14:05:39 PreInstallChecks: Action succeeded 2018-01-22 14:05:39 SetBootDriverStartupProperty: Action started 2018-01-22 14:05:39 SetBootDriverStartupProperty: Boot driver: not installed. 2018-01-22 14:05:39 SetBootDriverStartupProperty: Action succeeded 2018-01-22 14:05:39 SetClassFilterPresentProperty: Action started 2018-01-22 14:05:39 SetClassFilterPresentProperty: Setting class filter present property to: 0 2018-01-22 14:05:39 SetClassFilterPresentProperty: Action succeeded 2018-01-22 14:05:39 SetDriverProperty: Action started 2018-01-22 14:05:39 SetDriverProperty: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2018-01-22 14:05:39 SetDriverProperty: Action succeeded 2018-01-22 14:05:40 SetProcessorProperties: Action started 2018-01-22 14:05:40 SetProcessorProperties: Action succeeded 2018-01-22 14:05:40 SetRestoreExcludedProcessesProperty: Action started 2018-01-22 14:05:40 SetRestoreExcludedProcessesProperty: SetRestoreExcludedProcessesProperty 2018-01-22 14:05:40 SetRestoreExcludedProcessesProperty: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2018-01-22 14:05:40 SetRestoreExcludedProcessesProperty: Action succeeded 2018-01-22 14:05:48 CheckRegForNullDACLs: Action started 2018-01-22 14:05:48 CheckRegForNullDACLs: Action succeeded 2018-01-22 14:05:49 WaitForSAVService: Action started 2018-01-22 14:05:49 WaitForSAVService: WaitForSAVService: Walking system processes... 2018-01-22 14:05:49 WaitForSAVService: WaitForSAVService: Finished walking system processes. 2018-01-22 14:05:49 WaitForSAVService: Action succeeded 2018-01-22 14:05:50 CheckUninstallDrivers: Action started 2018-01-22 14:05:50 CheckUninstallDrivers: IsServiceInstalled: Unable to get a handle to requested service SAVOnAccess control. Returning false. 2018-01-22 14:05:50 CheckUninstallDrivers: IsServiceInstalled: Unable to get a handle to requested service SAVOnAccess filter. Returning false. 2018-01-22 14:05:50 CheckUninstallDrivers: Action succeeded 2018-01-22 14:05:50 DeleteIDEs: Action started 2018-01-22 14:05:50 DeleteIDEs: Action succeeded 2018-01-22 14:05:50 DeleteBDLs: Action started 2018-01-22 14:05:50 DeleteBDLs: Action succeeded 2018-01-22 14:05:50 DeleteHIPSConfig: Action started 2018-01-22 14:05:50 DeleteHIPSConfig: Action succeeded 2018-01-22 14:05:50 UpdateSavAdapterDll: Action started 2018-01-22 14:06:00 UpdateSavAdapterDll: Action succeeded 2018-01-22 14:06:00 UpdateDesktopMessaging: Action started 2018-01-22 14:06:00 UpdateDesktopMessaging: UpdateDesktopMessaging: Could not delete SAVPlugin registry key(2) 2018-01-22 14:06:00 UpdateDesktopMessaging: Action succeeded 2018-01-22 14:06:00 CopyOtherFiles: Action started 2018-01-22 14:06:00 CopyOtherFiles: CopyOtherFiles custom action - Copying other driver files 2018-01-22 14:06:00 CopyOtherFiles: Copying class filter source: C:\ProgramData\Sophos\AutoUpdate\cache\savxp\drivers\sdcfilter\win7_amd64\SDCFILTER.INF, target: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\ 2018-01-22 14:06:00 CopyOtherFiles: Copying boot driver source: C:\ProgramData\Sophos\AutoUpdate\cache\savxp\drivers\boottasks\win7_amd64\SOPHOSBOOTDRIVER.INF, target: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\ 2018-01-22 14:06:00 CopyOtherFiles: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll does not exist, no further action. 2018-01-22 14:06:00 CopyOtherFiles: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2018-01-22 14:06:00 CopyOtherFiles: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll does not exist, no further action. 2018-01-22 14:06:00 CopyOtherFiles: Copying boot tasks source: C:\ProgramData\Sophos\AutoUpdate\cache\savxp\drivers\boottasks\win7_amd64\SophosBootTasks.exe, target: C:\Windows\system32\ 2018-01-22 14:06:00 CopyOtherFiles: Action succeeded 2018-01-22 14:06:00 RegisterBufferOverflowProtection: Action started 2018-01-22 14:06:00 RegisterBufferOverflowProtection: BopsUnregister: could not get short path to DLL. It will not be unregistered. 2018-01-22 14:06:00 RegisterBufferOverflowProtection: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\detoured.dll does not exist, no further action. 2018-01-22 14:06:00 RegisterBufferOverflowProtection: BOPS path already exists 2018-01-22 14:06:00 RegisterBufferOverflowProtection: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2018-01-22 14:06:00 RegisterBufferOverflowProtection: BOPS path already exists 2018-01-22 14:06:00 RegisterBufferOverflowProtection: Action succeeded 2018-01-22 14:06:00 RestoreExcludedProcesses: Action started 2018-01-22 14:06:00 RestoreExcludedProcesses: RestoreExcludedProcesses 2018-01-22 14:06:00 RestoreExcludedProcesses: Empty excluded processes property. Nothing to be done. 2018-01-22 14:06:00 RestoreExcludedProcesses: Action succeeded 2018-01-22 14:06:00 StartDriverServices: Action started 2018-01-22 14:06:00 StartDriverServices: IsServiceRunning: Unable to get a handle to requested service skmscan. Returning false. 2018-01-22 14:06:00 StartDriverServices: Unable to get a handle to kms service - service will not be started until next reboot 2018-01-22 14:06:00 StartDriverServices: Action succeeded 2018-01-22 14:06:01 CreateUserGroups: Action started 2018-01-22 14:06:02 CreateUserGroups: Local name of well-known group Administrators is Administrators 2018-01-22 14:06:02 CreateUserGroups: Local name of well-known group PowerUsers is Power Users 2018-01-22 14:06:02 CreateUserGroups: Local name of well-known group Users is Users 2018-01-22 14:06:02 CreateUserGroups: Failed to add the members of group PowerUsers to SophosPowerUser group 2018-01-22 14:06:02 CreateUserGroups: Adding LOCAL SYSTEM to the SophosAdministrator role in the machine file 2018-01-22 14:06:08 CreateUserGroups: Action succeeded 2018-01-22 14:06:08 PurgeIOfficeAVCache: Action started 2018-01-22 14:06:08 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2018-01-22 14:06:08 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2018-01-22 14:06:08 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2018-01-22 14:06:08 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2018-01-22 14:06:08 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2018-01-22 14:06:08 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2018-01-22 14:06:08 PurgeIOfficeAVCache: Action succeeded 2018-01-22 14:06:08 EnableAttachmentScanning: Action started 2018-01-22 14:06:08 EnableAttachmentScanning: ScanWithAntiVirus value is already set to 3 2018-01-22 14:06:08 EnableAttachmentScanning: Action succeeded 2018-01-22 14:06:08 AddDomainGroups: Action started 2018-01-22 14:06:08 AddDomainGroups: SophosDomainUser not found: (2220) The group name could not be found. 2018-01-22 14:06:08 AddDomainGroups: SophosDomainPowerUser not found: (2220) The group name could not be found. 2018-01-22 14:06:08 AddDomainGroups: SophosDomainAdministrator not found: (2220) The group name could not be found. 2018-01-22 14:06:08 AddDomainGroups: SophosDomainAdministrator group doesn't exist 2018-01-22 14:06:08 AddDomainGroups: SophosDomainPowerUser group doesn't exist 2018-01-22 14:06:08 AddDomainGroups: SophosDomainUser group doesn't exist 2018-01-22 14:06:08 AddDomainGroups: Action succeeded 2018-01-22 14:06:20 SetSAVAdminUpdateBegin: Action started 2018-01-22 14:06:20 SetSAVAdminUpdateBegin: Action succeeded 2018-01-22 14:06:20 UpdateSAVI: Action started 2018-01-22 14:06:20 UpdateSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate 2018-01-22 14:06:20 UpdateSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__ 2018-01-22 14:06:20 UpdateSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate 2018-01-22 14:06:20 UpdateSAVI: UpdateRequest signalled 2018-01-22 14:06:20 UpdateSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended 2018-01-22 14:06:20 UpdateSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__ 2018-01-22 14:06:20 UpdateSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended 2018-01-22 14:06:20 UpdateSAVI: MSCM version orig: new: 0.3.0.90 2018-01-22 14:06:20 UpdateSAVI: Copying MSCM from: C:\ProgramData\Sophos\AutoUpdate\cache\savxp\savmscm.dll to: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\savmscm.dll 2018-01-22 14:06:20 UpdateSAVI: Registered MSCM 2018-01-22 14:06:21 UpdateSAVI: SAVI dll was installed successfully 2018-01-22 14:06:21 UpdateSAVI: Action succeeded 2018-01-22 14:06:21 SetFolderPermissions: Action started 2018-01-22 14:06:21 SetFolderPermissions: We are running on XP or higher - adding LocalService to permissions on config files 2018-01-22 14:06:21 SetFolderPermissions: We are running on XP or higher - adding LocalService to permissions on config files 2018-01-22 14:06:21 SetFolderPermissions: Action succeeded 2018-01-22 14:06:22 CreateTamperProtectionRegKey: Action started 2018-01-22 14:06:22 CreateTamperProtectionRegKey: Action succeeded 2018-01-22 14:06:24 SetServiceXP: Action started 2018-01-22 14:06:24 SetServiceXP: Action succeeded 2018-01-22 14:06:24 SetSAVServiceSID: Action started 2018-01-22 14:06:24 SetSAVServiceSID: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2018-01-22 14:06:24 SetSAVServiceSID: Action succeeded 2018-01-22 14:06:24 SetServiceSecurity: Action started 2018-01-22 14:06:24 SetServiceSecurity: Adding SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP to SavService launch permissions 2018-01-22 14:06:24 SetServiceSecurity: Adding SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP to SavService launch permissions 2018-01-22 14:06:24 SetServiceSecurity: Action succeeded 2018-01-22 14:06:24 SetServiceRecoveryActions: Action started 2018-01-22 14:06:24 SetServiceRecoveryActions: Action succeeded 2018-01-22 14:06:24 InstallDeviceControl: Action started 2018-01-22 14:06:24 InstallDeviceControl: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2018-01-22 14:06:24 InstallDeviceControl: Action succeeded 2018-01-22 14:06:24 SetAdminGroupDescription: Action started 2018-01-22 14:06:24 SetAdminGroupDescription: Action succeeded 2018-01-22 14:06:24 SetPowerGroupDescription: Action started 2018-01-22 14:06:24 SetPowerGroupDescription: Action succeeded 2018-01-22 14:06:24 SetUserGroupDescription: Action started 2018-01-22 14:06:24 SetUserGroupDescription: Action succeeded 2018-01-22 14:06:24 SetOnAccessGroupDescription: Action started 2018-01-22 14:06:24 SetOnAccessGroupDescription: Action succeeded 2018-01-22 14:06:24 DisablePUADetection: Action started 2018-01-22 14:06:24 DisablePUADetection: Action succeeded 2018-01-22 14:06:24 DeleteExpiredCaches: Action started 2018-01-22 14:06:24 DeleteExpiredCaches: Action succeeded 2018-01-22 14:06:24 EnableJournals: Action started 2018-01-22 14:06:24 EnableJournals: Skipping journal action - server platform detected. 2018-01-22 14:06:24 EnableJournals: Action succeeded 2018-01-22 14:06:24 DisableWebProtection: Action started 2018-01-22 14:06:24 DisableWebProtection: DisableWebProtection: OK 2018-01-22 14:06:24 DisableWebProtection: Action succeeded 2018-01-22 14:06:24 DisableSxlLookups: Action started 2018-01-22 14:06:24 DisableSxlLookups: DisableSxlLookups: OK 2018-01-22 14:06:24 DisableSxlLookups: Action succeeded 2018-01-22 14:06:24 CheckSNMPDLLPresence: Action started 2018-01-22 14:06:24 CheckSNMPDLLPresence: Action succeeded 2018-01-22 14:06:24 UpdateSXLServerList: Action started 2018-01-22 14:06:24 UpdateSXLServerList: LoadSophtainerData: GetSophtainerSection(C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SXLConfig.dat) returned 0. (180 bytes returned) 2018-01-22 14:06:24 UpdateSXLServerList: ExtractSXLServerConf: 0, 4, 4 2018-01-22 14:06:24 UpdateSXLServerList: Action succeeded 2018-01-22 14:06:24 GenerateSavMachineId: Action started 2018-01-22 14:06:24 GenerateSavMachineId: Sav machine id = F0C2170C-4E35-47B4-A426-858B11A47573 2018-01-22 14:06:24 GenerateSavMachineId: Action succeeded 2018-01-22 14:06:25 SetSAVAdminUpdateComplete: Action started 2018-01-22 14:06:25 SetSAVAdminUpdateComplete: Action succeeded 2018-01-22 14:06:25 RunPreLaunchScripts: Action started 2018-01-22 14:06:25 RunPreLaunchScripts: RunPreLaunchScripts: No entries. 2018-01-22 14:06:25 RunPreLaunchScripts: Action succeeded 2018-01-22 14:06:55 BootDriverStartup: Action started 2018-01-22 14:06:55 BootDriverStartup: Boot driver restored: disabled 2018-01-22 14:06:55 BootDriverStartup: Action succeeded 2018-01-22 14:06:55 RegisterDCIfEnabled: Action started 2018-01-22 14:06:55 RegisterDCIfEnabled: isDCEnabled: node not found: /configuration/components/DeviceControlManager/settings/enabled 2018-01-22 14:06:55 RegisterDCIfEnabled: Action succeeded 2018-01-22 14:06:55 StartSAVServices: Action started 2018-01-22 14:07:11 StartSAVServices: Action succeeded 2018-01-22 14:07:16 UninstallSecurityCenter: Action started 2018-01-22 14:07:16 UninstallSecurityCenter: Action succeeded 2018-01-22 14:07:17 RollbackInstallDeviceControl: Action started 2018-01-22 14:07:17 RollbackInstallDeviceControl: Action succeeded 2018-01-22 14:07:17 RemoveTamperProtectionRegKey: Action started 2018-01-22 14:07:17 RemoveTamperProtectionRegKey: Action succeeded 2018-01-22 14:07:21 RemoveSAVI: Action started 2018-01-22 14:07:21 RemoveSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate 2018-01-22 14:07:21 RemoveSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__ 2018-01-22 14:07:21 RemoveSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate 2018-01-22 14:07:21 RemoveSAVI: UpdateRequest signalled 2018-01-22 14:07:21 RemoveSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended 2018-01-22 14:07:21 RemoveSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__ 2018-01-22 14:07:21 RemoveSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended 2018-01-22 14:07:21 RemoveSAVI: Action succeeded 2018-01-22 14:07:39 DeleteUserGroups: Action started 2018-01-22 14:07:39 DeleteUserGroups: We are not a domain controller: Attempting to delete local user groups 2018-01-22 14:07:39 DeleteUserGroups: Action succeeded 2018-01-22 14:07:39 UpdateDesktopMessaging: Action started 2018-01-22 14:07:39 UpdateDesktopMessaging: UpdateDesktopMessaging: Could not delete SAVPlugin registry key(2) 2018-01-22 14:07:39 UpdateDesktopMessaging: Action succeeded 2018-01-22 14:07:39 RollbackUpdateSavAdapterDll: Action started 2018-01-22 14:07:39 RollbackUpdateSavAdapterDll: Action succeeded 2018-01-22 14:07:39 DeleteOtherFiles: Action started 2018-01-22 14:07:39 DeleteOtherFiles: Unable to get list of engine files from C:\Program Files (x86)\Sophos\Sophos Anti-Virus\engsync.upd 2018-01-22 14:07:39 DeleteOtherFiles: Unregistered MSCM 2018-01-22 14:07:39 DeleteOtherFiles: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll detoured exists, proceeding to rename it & mark for delete. 2018-01-22 14:07:39 DeleteOtherFiles: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2018-01-22 14:07:39 DeleteOtherFiles: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll detoured exists, proceeding to rename it & mark for delete. 2018-01-22 14:07:39 DeleteOtherFiles: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\detoured.dll does not exist, no further action. 2018-01-22 14:07:39 DeleteOtherFiles: Deleting config file folder 2018-01-22 14:07:39 Error deleting file: C:\ProgramData\Sophos\Sophos Anti-Virus\\Infected\Low with error: Access is denied. 2018-01-22 14:07:40 DeleteOtherFiles: Action succeeded 2018-01-22 14:07:40 ForceDeleteUserPlugin: Action started 2018-01-22 14:07:40 ForceDeleteUserPlugin: Error deleting DesktopMessaging registry key. Returned error was: The system cannot find the file specified. 2018-01-22 14:07:40 ForceDeleteUserPlugin: Error deleting user pluging registry key. Returned error was: The system cannot find the file specified. 2018-01-22 14:07:40 ForceDeleteUserPlugin: Action succeeded 2018-01-22 14:07:40 ForceDeleteFiles: Action started 2018-01-22 14:07:40 ForceDeleteFiles: Action succeeded 2018-01-22 14:08:11 RunErrorScripts: Action started 2018-01-22 14:08:11 RunErrorScripts: Action succeeded 2018-01-22 14:08:11 RestoreMovedFiles: Action started 2018-01-22 14:08:11 RestoreMovedFiles: Action succeeded 2018-01-22 14:08:11 SetUpdateFailed: Action started 2018-01-22 14:08:41 SetUpdateFailed: Unable to create an instance of ComponentManager - SystemInformation cannot be informed of end of update 2018-01-22 14:08:41 SetUpdateFailed: Action succeeded