2018-08-23 09:25:16 ExtractClassicConfig: Action started 2018-08-23 09:25:16 ExtractClassicConfig: Action succeeded 2018-08-23 09:25:16 PreInstallChecks: Action started 2018-08-23 09:25:16 PreInstallChecks: Action succeeded 2018-08-23 09:25:16 SetBootDriverStartupProperty: Action started 2018-08-23 09:25:16 SetBootDriverStartupProperty: Boot driver: not installed. 2018-08-23 09:25:16 SetBootDriverStartupProperty: Action succeeded 2018-08-23 09:25:16 SetClassFilterPresentProperty: Action started 2018-08-23 09:25:16 SetClassFilterPresentProperty: Setting class filter present property to: 0 2018-08-23 09:25:16 SetClassFilterPresentProperty: Action succeeded 2018-08-23 09:25:16 SetDriverProperty: Action started 2018-08-23 09:25:16 SetDriverProperty: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2018-08-23 09:25:16 SetDriverProperty: Action succeeded 2018-08-23 09:25:16 SetProcessorProperties: Action started 2018-08-23 09:25:16 SetProcessorProperties: Action succeeded 2018-08-23 09:25:16 SetRestoreExcludedProcessesProperty: Action started 2018-08-23 09:25:16 SetRestoreExcludedProcessesProperty: SetRestoreExcludedProcessesProperty 2018-08-23 09:25:16 SetRestoreExcludedProcessesProperty: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2018-08-23 09:25:16 SetRestoreExcludedProcessesProperty: Action succeeded 2018-08-23 09:25:23 CheckRegForNullDACLs: Action started 2018-08-23 09:25:23 CheckRegForNullDACLs: Action succeeded 2018-08-23 09:25:23 WaitForSAVService: Action started 2018-08-23 09:25:23 WaitForSAVService: WaitForSAVService: Walking system processes... 2018-08-23 09:25:23 WaitForSAVService: WaitForSAVService: Finished walking system processes. 2018-08-23 09:25:23 WaitForSAVService: Action succeeded 2018-08-23 09:25:23 CheckUninstallDrivers: Action started 2018-08-23 09:25:23 CheckUninstallDrivers: IsServiceInstalled: Unable to get a handle to requested service SAVOnAccess control. Returning false. 2018-08-23 09:25:23 CheckUninstallDrivers: IsServiceInstalled: Unable to get a handle to requested service SAVOnAccess filter. Returning false. 2018-08-23 09:25:23 CheckUninstallDrivers: Action succeeded 2018-08-23 09:25:23 DeleteIDEs: Action started 2018-08-23 09:25:23 DeleteIDEs: Action succeeded 2018-08-23 09:25:23 DeleteBDLs: Action started 2018-08-23 09:25:23 DeleteBDLs: Action succeeded 2018-08-23 09:25:23 DeleteHIPSConfig: Action started 2018-08-23 09:25:23 DeleteHIPSConfig: Action succeeded 2018-08-23 09:25:23 UpdateSavAdapterDll: Action started 2018-08-23 09:25:33 UpdateSavAdapterDll: Action succeeded 2018-08-23 09:25:33 UpdateDesktopMessaging: Action started 2018-08-23 09:25:33 UpdateDesktopMessaging: UpdateDesktopMessaging: Could not delete SAVPlugin registry key(2) 2018-08-23 09:25:33 UpdateDesktopMessaging: Action succeeded 2018-08-23 09:25:33 CopyOtherFiles: Action started 2018-08-23 09:25:33 CopyOtherFiles: CopyOtherFiles custom action - Copying other driver files 2018-08-23 09:25:33 CopyOtherFiles: Copying class filter source: C:\ProgramData\Sophos\AutoUpdate\cache\savxp\drivers\sdcfilter\win7_amd64\SDCFILTER.INF, target: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\ 2018-08-23 09:25:33 CopyOtherFiles: Copying boot driver source: C:\ProgramData\Sophos\AutoUpdate\cache\savxp\drivers\boottasks\win7_amd64\SOPHOSBOOTDRIVER.INF, target: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\ 2018-08-23 09:25:33 CopyOtherFiles: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll does not exist, no further action. 2018-08-23 09:25:33 CopyOtherFiles: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2018-08-23 09:25:33 CopyOtherFiles: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll does not exist, no further action. 2018-08-23 09:25:33 CopyOtherFiles: Copying boot tasks source: C:\ProgramData\Sophos\AutoUpdate\cache\savxp\drivers\boottasks\win7_amd64\SophosBootTasks.exe, target: C:\WINDOWS\system32\ 2018-08-23 09:25:33 CopyOtherFiles: Action succeeded 2018-08-23 09:25:33 RegisterBufferOverflowProtection: Action started 2018-08-23 09:25:33 RegisterBufferOverflowProtection: BopsUnregister: could not get short path to DLL. It will not be unregistered. 2018-08-23 09:25:33 RegisterBufferOverflowProtection: GetRidOfExistingDetoured - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\detoured.dll does not exist, no further action. 2018-08-23 09:25:33 RegisterBufferOverflowProtection: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2018-08-23 09:25:33 RegisterBufferOverflowProtection: Action succeeded 2018-08-23 09:25:33 RestoreExcludedProcesses: Action started 2018-08-23 09:25:33 RestoreExcludedProcesses: RestoreExcludedProcesses 2018-08-23 09:25:33 RestoreExcludedProcesses: Empty excluded processes property. Nothing to be done. 2018-08-23 09:25:33 RestoreExcludedProcesses: Action succeeded 2018-08-23 09:25:33 StartDriverServices: Action started 2018-08-23 09:25:33 StartDriverServices: IsServiceRunning: Unable to get a handle to requested service skmscan. Returning false. 2018-08-23 09:25:33 StartDriverServices: Unable to get a handle to kms service - service will not be started until next reboot 2018-08-23 09:25:33 StartDriverServices: Action succeeded 2018-08-23 09:25:34 CreateUserGroups: Action started 2018-08-23 09:25:34 CreateUserGroups: Local name of well-known group Administrators is Administratoren 2018-08-23 09:25:34 CreateUserGroups: Local name of well-known group PowerUsers is Hauptbenutzer 2018-08-23 09:25:34 CreateUserGroups: Local name of well-known group Users is Benutzer 2018-08-23 09:25:34 CreateUserGroups: Failed to add the members of group PowerUsers to SophosPowerUser group 2018-08-23 09:25:34 CreateUserGroups: Adding LOCAL SYSTEM to the SophosAdministrator role in the machine file 2018-08-23 09:25:37 CreateUserGroups: Action succeeded 2018-08-23 09:25:37 PurgeIOfficeAVCache: Action started 2018-08-23 09:25:37 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2018-08-23 09:25:37 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2018-08-23 09:25:37 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2018-08-23 09:25:37 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2018-08-23 09:25:37 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2018-08-23 09:25:37 PurgeIOfficeAVCache: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2018-08-23 09:25:37 PurgeIOfficeAVCache: Action succeeded 2018-08-23 09:25:37 EnableAttachmentScanning: Action started 2018-08-23 09:25:37 EnableAttachmentScanning: ScanWithAntiVirus value is already set to 3 2018-08-23 09:25:37 EnableAttachmentScanning: Action succeeded 2018-08-23 09:25:37 AddDomainGroups: Action started 2018-08-23 09:25:37 AddDomainGroups: Action succeeded 2018-08-23 09:25:41 SetSAVAdminUpdateBegin: Action started 2018-08-23 09:25:41 SetSAVAdminUpdateBegin: Action succeeded 2018-08-23 09:25:41 UpdateSAVI: Action started 2018-08-23 09:25:41 UpdateSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate 2018-08-23 09:25:41 UpdateSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__ 2018-08-23 09:25:41 UpdateSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__ReadyForUpdate 2018-08-23 09:25:41 UpdateSAVI: UpdateRequest signalled 2018-08-23 09:25:41 UpdateSAVI: About to wait for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended 2018-08-23 09:25:41 UpdateSAVI: WaitForSAVIEvent: Could not open memory mapped file Global\!$_SAVI_!$$!_MMMF_$!__ 2018-08-23 09:25:41 UpdateSAVI: Successfully waited for event Global\!$_SAVI_!$$!_EVENT_$!__Suspended 2018-08-23 09:25:41 UpdateSAVI: MSCM version orig: new: 0.3.0.90 2018-08-23 09:25:41 UpdateSAVI: Copying MSCM from: C:\ProgramData\Sophos\AutoUpdate\cache\savxp\savmscm.dll to: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\savmscm.dll 2018-08-23 09:25:41 UpdateSAVI: Registered MSCM 2018-08-23 09:25:41 UpdateSAVI: SAVI dll was installed successfully 2018-08-23 09:25:41 UpdateSAVI: Action succeeded 2018-08-23 09:25:41 SetFolderPermissions: Action started 2018-08-23 09:25:41 SetFolderPermissions: We are running on XP or higher - adding LocalService to permissions on config files 2018-08-23 09:25:41 SetFolderPermissions: We are running on XP or higher - adding LocalService to permissions on config files 2018-08-23 09:25:41 SetFolderPermissions: Unable to add set access permissions on the Data Control Log directory 2018-08-23 09:25:41 SetFolderPermissions: Unable to add set access permissions on the Data Control directory 2018-08-23 09:25:41 SetFolderPermissions: Action succeeded 2018-08-23 09:25:41 SetServiceXP: Action started 2018-08-23 09:25:41 SetServiceXP: Action succeeded 2018-08-23 09:25:41 CreateTamperProtectionRegKey: Action started 2018-08-23 09:25:41 CreateTamperProtectionRegKey: Action succeeded 2018-08-23 09:25:41 SetSAVServiceSID: Action started 2018-08-23 09:25:41 SetSAVServiceSID: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2018-08-23 09:25:41 SetSAVServiceSID: Action succeeded 2018-08-23 09:25:42 SetServiceSecurity: Action started 2018-08-23 09:25:42 SetServiceSecurity: Adding SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP to SavService launch permissions 2018-08-23 09:25:42 SetServiceSecurity: Adding SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP to SavService launch permissions 2018-08-23 09:25:42 SetServiceSecurity: Action succeeded 2018-08-23 09:25:42 SetServiceRecoveryActions: Action started 2018-08-23 09:25:42 SetServiceRecoveryActions: Action succeeded 2018-08-23 09:25:42 InstallDeviceControl: Action started 2018-08-23 09:25:42 InstallDeviceControl: PROCESSOR_ARCHITECTURE environment variable is: AMD64 2018-08-23 09:25:42 InstallDeviceControl: Action succeeded 2018-08-23 09:25:42 SetAdminGroupDescription: Action started 2018-08-23 09:25:42 SetAdminGroupDescription: Action succeeded 2018-08-23 09:25:42 SetPowerGroupDescription: Action started 2018-08-23 09:25:42 SetPowerGroupDescription: Action succeeded 2018-08-23 09:25:42 SetUserGroupDescription: Action started 2018-08-23 09:25:42 SetUserGroupDescription: Action succeeded 2018-08-23 09:25:42 SetOnAccessGroupDescription: Action started 2018-08-23 09:25:42 SetOnAccessGroupDescription: Action succeeded 2018-08-23 09:25:42 DisablePUADetection: Action started 2018-08-23 09:25:42 DisablePUADetection: Action succeeded 2018-08-23 09:25:42 DeleteExpiredCaches: Action started 2018-08-23 09:25:42 DeleteExpiredCaches: Action succeeded 2018-08-23 09:25:42 EnableJournals: Action started 2018-08-23 09:25:42 EnableJournals: Checking journal for active volumes. 2018-08-23 09:25:42 EnableJournals: Journaling already enabled for on \\?\Volume{71d7ecc7-fb2a-11e1-90a3-806e6f6e6963}\ 2018-08-23 09:25:42 EnableJournals: Journaling already enabled for on \\?\Volume{71d7ecc8-fb2a-11e1-90a3-806e6f6e6963}\ 2018-08-23 09:25:42 EnableJournals: Action succeeded 2018-08-23 09:25:42 DisableWebProtection: Action started 2018-08-23 09:25:42 DisableWebProtection: DisableWebProtection: OK 2018-08-23 09:25:42 DisableWebProtection: Action succeeded 2018-08-23 09:25:42 DisableSxlLookups: Action started 2018-08-23 09:25:42 DisableSxlLookups: DisableSxlLookups: OK 2018-08-23 09:25:42 DisableSxlLookups: Action succeeded 2018-08-23 09:25:42 CheckSNMPDLLPresence: Action started 2018-08-23 09:25:42 CheckSNMPDLLPresence: Action succeeded 2018-08-23 09:25:42 UpdateSXLServerList: Action started 2018-08-23 09:25:42 UpdateSXLServerList: LoadSophtainerData: GetSophtainerSection(C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SXLConfig.dat) returned 0. (180 bytes returned) 2018-08-23 09:25:42 UpdateSXLServerList: ExtractSXLServerConf: 0, 4, 4 2018-08-23 09:25:42 UpdateSXLServerList: Action succeeded 2018-08-23 09:25:42 ApplySAVControlFile: Action started 2018-08-23 09:25:42 ApplySAVControlFile: Reading SAVControlFile from C:\ProgramData\Sophos\AutoUpdate\cache\savxp\savcontrol 2018-08-23 09:25:42 ApplySAVControlFile: `anonymous-namespace'::GetBoolValue: Value /FeatureControl/EnableBOPS in savcontrol json file not found, assumed default 2018-08-23 09:25:42 ApplySAVControlFile: Writing machine file C:\ProgramData\Sophos\Sophos Anti-Virus\Config\machine.xml 2018-08-23 09:25:42 ApplySAVControlFile: Action succeeded 2018-08-23 09:25:42 GenerateSavMachineId: Action started 2018-08-23 09:25:42 GenerateSavMachineId: Sav machine id = 627661AB-F769-4327-81BA-5AC87FAC3F78 2018-08-23 09:25:42 GenerateSavMachineId: Action succeeded 2018-08-23 09:25:42 SetSAVAdminUpdateComplete: Action started 2018-08-23 09:25:42 SetSAVAdminUpdateComplete: Action succeeded 2018-08-23 09:25:42 RunPreLaunchScripts: Action started 2018-08-23 09:25:42 RunPreLaunchScripts: RunPreLaunchScripts: No entries. 2018-08-23 09:25:42 RunPreLaunchScripts: Action succeeded 2018-08-23 09:25:43 BootDriverStartup: Action started 2018-08-23 09:25:43 BootDriverStartup: Boot driver restored: disabled 2018-08-23 09:25:43 BootDriverStartup: Action succeeded 2018-08-23 09:25:43 RegisterDCIfEnabled: Action started 2018-08-23 09:25:43 RegisterDCIfEnabled: isDCEnabled: node not found: /configuration/components/DeviceControlManager/settings/enabled 2018-08-23 09:25:43 RegisterDCIfEnabled: Action succeeded 2018-08-23 09:25:43 StartSAVServices: Action started 2018-08-23 09:25:55 StartSAVServices: Action succeeded 2018-08-23 09:25:56 ConfigureSAV: Action started 2018-08-23 09:25:56 ConfigureSAV: Policy files unchanged - ConfigureSAV will not be called 2018-08-23 09:25:56 ConfigureSAV: Action succeeded 2018-08-23 09:25:56 SetInstallationComplete: Action started 2018-08-23 09:25:56 SetInstallationComplete: Action succeeded 2018-08-23 09:25:56 CreateSavAdapterDllRegistryEntry: Action started 2018-08-23 09:25:56 CreateSavAdapterDllRegistryEntry: Action succeeded 2018-08-23 09:25:56 RunAfterScripts: Action started 2018-08-23 09:25:56 RunAfterScripts: Action succeeded 2018-08-23 09:25:56 CopySAVSyncFile: Action started 2018-08-23 09:25:56 CopySAVSyncFile: Action succeeded