Firewall blocks the download client & Sophos endpoint full setup

Hi everyone,

We have some issues with sophossetupclient.exe because, for some reason, the firewall blocks the download client.

We need two solutions, if you can give them to us: a full setup for endpoint protection, and the rules we need to put into the FW so that it does not block the installer download or updates.

PS: I searched the forums and the knowledge base but I did not find this information.
We need to solve this urgently, since we can't put computers in production without the endpoint protection.

 

Thanks



  • Hello lionel barba,

    you are referring to SophosSetup.exe, aren't you? How do you know that a firewall (local or network?) blocks the download - could you describe the steps you have taken? AFAIK the installer makes only HTTPS connections - do your endpoints have to use a proxy to access the Internet?

    Christian

  • Hi Christian,

     

    "you are referring to SophosSetup.exe" Yes, I have this setup, but our FW (network; I know that because we had the same problems before) blocks the client download. This is an error screen:

    We don't use proxies between the PCs and the Internet.

  • Hello lionel barba,

    the logs related to the install should be in %ProgramData%\Sophos\CloudInstaller\Logs\, please check them for details.

    Christian

  • Log: 

     

    Started C:\Users\LIONEL~1.BAR\AppData\Local\Temp\sfl-17c53000\Setup.exe
    2018-05-08T13:42:23.4232404Z INFO : SophosInstall command line: "C:\\Users\\LIONEL~1.BAR\\AppData\\Local\\Temp\\sfl-17c53000\\Setup.exe"
    2018-05-08T13:42:23.4232404Z INFO : Command line: Quiet mode on: 0
    2018-05-08T13:42:23.4232404Z INFO : Command line: Automatic Proxy detection disabled: 0
    2018-05-08T13:42:23.4232404Z INFO : Command line: No feedback mode on: 0
    2018-05-08T13:42:23.4232404Z INFO : Command line: Dump feedback enabled: 0
    2018-05-08T13:42:23.4232404Z INFO : Command line: Bypass competitor removal: 0
    2018-05-08T13:42:23.4232404Z INFO : Command line: Using CRT catalog file path: --
    2018-05-08T13:42:23.4232404Z INFO : Command line: Only register endpoint with Central: 0
    2018-05-08T13:42:23.4232404Z INFO : Command line: Using custom server: --
    2018-05-08T13:42:23.4232404Z INFO : Command line: Using custom stage 2 filename: --
    2018-05-08T13:42:23.4232404Z INFO : Command line: Using cloud user: --
    2018-05-08T13:42:23.4232404Z INFO : Command line: Using cloud group: --
    2018-05-08T13:42:23.4232404Z INFO : Command line: Overriding computer name: --
    2018-05-08T13:42:23.4232404Z INFO : Command line: Overriding computer description: --
    2018-05-08T13:42:23.4232404Z INFO : Command line: Overriding domain name: --
    2018-05-08T13:42:23.4232404Z INFO : Command line: Language will be set to: --
    2018-05-08T13:42:23.4232404Z INFO : Command line: Using message relays: --
    2018-05-08T13:42:23.4232404Z INFO : Command line: Proxy address: --
    2018-05-08T13:42:23.4232404Z INFO : Command line: Proxy user name: --
    2018-05-08T13:42:23.4232404Z INFO : Command line: Using custom customer token: --
    2018-05-08T13:42:23.4232404Z INFO : Command line: Using specified products: --
    2018-05-08T13:42:23.4232404Z INFO : Command line: Using certificates from the MCS app data folder: 0
    2018-05-08T13:42:23.4390805Z INFO : Sending HTTP 'GET' request to: full/central/windows/business/installer/latest.tar.gz
    2018-05-08T13:42:23.4549206Z WARNING : WinHttpGetProxyForUrl returned: 12180
    2018-05-08T13:42:23.4549206Z INFO : Attempting to connect using proxy '' of type 'Empty Proxy'.
    2018-05-08T13:42:23.4549206Z INFO : Set security protocol: 00000800
    2018-05-08T13:42:23.4549206Z INFO : Opening connection to downloads.sophos.com
    2018-05-08T13:42:23.4549206Z INFO : Opened connection to downloads.sophos.com
    2018-05-08T13:42:23.4549206Z INFO : Request content size: 0
    2018-05-08T13:42:24.1360449Z INFO : Sending request
    2018-05-08T13:42:24.1360449Z INFO : Request sent
    2018-05-08T13:42:25.5458138Z INFO : Response status code: 200
    2018-05-08T13:42:25.5458138Z INFO : Response data size: 1680435
    2018-05-08T13:42:25.5458138Z INFO : trySendRequestThroughPotentialProxy returning response with status code: 200
    2018-05-08T13:42:25.5458138Z INFO : Extracting files:
    2018-05-08T13:42:25.5458138Z INFO : integrity.dat
    2018-05-08T13:42:25.5458138Z INFO : manifest.dat
    2018-05-08T13:42:25.5458138Z INFO : rootca.crl
    2018-05-08T13:42:25.5458138Z INFO : rootca.crt
    2018-05-08T13:42:25.5458138Z INFO : scf.dat
    2018-05-08T13:42:25.5458138Z INFO : sof.dat
    2018-05-08T13:42:25.5458138Z INFO : SophosSetup_Stage2.exe
    2018-05-08T13:42:25.5774940Z INFO : sul.dll
    2018-05-08T13:42:25.6091742Z INFO : Management Certs/sophosca1.crl
    2018-05-08T13:42:25.6091742Z INFO : Management Certs/sophosca1.crt
    2018-05-08T13:42:25.6091742Z INFO : Management Certs/sophosca2.crl
    2018-05-08T13:42:25.6091742Z INFO : Management Certs/sophosca2.crt
    2018-05-08T13:42:25.6091742Z INFO : Management Certs/Sophos_SHA256_MCS_Root_CA3_exp20380504.crl
    2018-05-08T13:42:25.6091742Z INFO : Management Certs/Sophos_SHA256_MCS_Root_CA3_exp20380504.crt
    2018-05-08T13:42:25.6091742Z INFO : Management Certs/Sophos_SHA256_MCS_Root_CA4_exp20390504.crl
    2018-05-08T13:42:25.6091742Z INFO : Management Certs/Sophos_SHA256_MCS_Root_CA4_exp20390504.crt
    2018-05-08T13:42:25.6883747Z INFO : Running setup.
    Started C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
    2018-05-08T13:42:25.8942960Z INFO : Setup command line: --mgmtserver="dzr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sophos.com" --logfile="C:\\ProgramData\\Sophos\\CloudInstaller\\Logs\\SophosCloudInstaller_20180508_134223.log" --parentpid="1484" --products="antivirus" --customertoken="e397daf1-9409-47cf-932e-d87656dbac4f" --pipewritehandle="1148" --mcscustomerid="fed93f29-dc1a-4a5a-8b91-b3ee18459d71"
    2018-05-08T13:42:25.8942960Z INFO : User name: lionel.barba
    2018-05-08T13:42:25.8942960Z INFO : NameDnsDomain: UA.COM.AR\\lionel.barba
    2018-05-08T13:42:25.8942960Z INFO : dnsDomain: UA.COM.AR
    2018-05-08T13:42:29.1256764Z INFO : lpProfilePath:
    2018-05-08T13:42:29.1573566Z INFO : User profile loaded
    2018-05-08T13:42:29.1573566Z INFO : Net API buffer freed
    2018-05-08T13:42:29.1573566Z INFO : Model::server value changed to: dzr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sophos.com
    2018-05-08T13:42:29.1573566Z INFO : Model::messageRelays value changed to be size: 0
    2018-05-08T13:42:29.1573566Z INFO : Model::user value changed to:
    2018-05-08T13:42:29.1573566Z INFO : Model::group value changed to:
    2018-05-08T13:42:29.1573566Z INFO : Model::parentPid value changed to: 1484
    2018-05-08T13:42:29.1573566Z INFO : Model::products changed to: antivirus
    2018-05-08T13:42:29.1573566Z INFO : Model::customer token value changed to: e397daf1-9409-47cf-932e-d87656dbac4f
    2018-05-08T13:42:29.1573566Z INFO : MCS Crts: C:\\Program Files (x86)\\Sophos\\CloudInstaller\\Management Certs\\sophosca1.crt,C:\\Program Files (x86)\\Sophos\\CloudInstaller\\Management Certs\\sophosca2.crt,C:\\Program Files (x86)\\Sophos\\CloudInstaller\\Management Certs\\Sophos_SHA256_MCS_Root_CA3_exp20380504.crt,C:\\Program Files (x86)\\Sophos\\CloudInstaller\\Management Certs\\Sophos_SHA256_MCS_Root_CA4_exp20390504.crt
    2018-05-08T13:42:29.1573566Z INFO : MCS CRLs: C:\\Program Files (x86)\\Sophos\\CloudInstaller\\Management Certs\\sophosca1.crl,C:\\Program Files (x86)\\Sophos\\CloudInstaller\\Management Certs\\sophosca2.crl,C:\\Program Files (x86)\\Sophos\\CloudInstaller\\Management Certs\\Sophos_SHA256_MCS_Root_CA3_exp20380504.crl,C:\\Program Files (x86)\\Sophos\\CloudInstaller\\Management Certs\\Sophos_SHA256_MCS_Root_CA4_exp20390504.crl
    2018-05-08T13:42:29.1573566Z INFO : Model:: MCS customer id value changed to: fed93f29-dc1a-4a5a-8b91-b3ee18459d71
    2018-05-08T13:42:29.1573566Z INFO : Beginning command definition.
    2018-05-08T13:42:29.1573566Z INFO : Adding competitor detection command.
    2018-05-08T13:42:29.1573566Z INFO : Adding command to register with Sophos cloud.
    2018-05-08T13:42:29.1573566Z INFO : Adding command to download product suite.
    2018-05-08T13:42:29.1573566Z INFO : Adding commands to uninstall existing products.
    2018-05-08T13:42:29.1573566Z INFO : Adding command to retrieve policy.
    2018-05-08T13:42:29.1573566Z INFO : Adding command to prepare for installation.
    2018-05-08T13:42:29.1573566Z INFO : Adding command to install Sophos cloud.
    2018-05-08T13:42:29.1573566Z INFO : Adding command to persist installation and download status.
    2018-05-08T13:42:29.1573566Z INFO : Command definition complete.
    2018-05-08T13:42:29.1573566Z INFO : Stage 1 version:1.1.19.0
    2018-05-08T13:42:29.1573566Z INFO : Stage 2 version:1.3.20
    2018-05-08T13:42:29.1573566Z INFO : OS version: 6.1.7601.
    2018-05-08T13:42:29.1573566Z INFO : Service pack: 1.0.
    2018-05-08T13:42:29.1573566Z INFO : System Language: 3082.
    2018-05-08T13:42:29.1573566Z INFO : User Language: 3082.
    2018-05-08T13:42:29.1573566Z INFO : 64 bit: yes.
    2018-05-08T13:42:29.7751205Z INFO : Running System Property Check: VerifyTrust ...
    2018-05-08T13:42:29.8068007Z INFO : System Property Check: VerifyTrust - PASSED
    2018-05-08T13:42:29.8701611Z INFO : Running System Property Check: HostnameLength ...
    2018-05-08T13:42:29.8701611Z INFO : Initialized Winsock subsystem
    2018-05-08T13:42:29.8701611Z INFO : Valid hostname length
    2018-05-08T13:42:29.8701611Z INFO : System Property Check: HostnameLength - PASSED
    2018-05-08T13:42:29.9335215Z INFO : Running System Property Check: GroupNameLength ...
    2018-05-08T13:42:29.9335215Z INFO : System Property Check: GroupNameLength - PASSED
    2018-05-08T13:42:29.9968819Z INFO : Running System Property Check: IsAdministrator ...
    2018-05-08T13:42:29.9968819Z INFO : System Property Check: IsAdministrator - PASSED
    2018-05-08T13:42:30.0602423Z INFO : Running System Property Check: PendingReboots ...
    2018-05-08T13:42:30.0602423Z INFO : System Property Check: PendingReboots - PASSED
    2018-05-08T13:42:30.1236027Z INFO : Running System Property Check: PrimaryDriveSpace ...
    2018-05-08T13:42:30.1236027Z INFO : Enough space: 673924 Mb
    2018-05-08T13:42:30.1236027Z INFO : System Property Check: PrimaryDriveSpace - PASSED
    2018-05-08T13:42:30.1869631Z INFO : Running System Property Check: MsXml ...
    2018-05-08T13:42:30.1869631Z INFO : System Property Check: MsXml - PASSED
    2018-05-08T13:42:30.2503235Z INFO : Running System Property Check: NotFirewall ...
    2018-05-08T13:42:30.2503235Z INFO : System Property Check: NotFirewall - PASSED
    2018-05-08T13:42:30.3136839Z INFO : Running System Property Check: NotHitmanProAlertIncompatible ...
    2018-05-08T13:42:30.3136839Z INFO : No HitmanPro.Alert Installed
    2018-05-08T13:42:30.3136839Z INFO : System Property Check: NotHitmanProAlertIncompatible - PASSED
    2018-05-08T13:42:30.3770443Z INFO : Running System Property Check: NotInvincea ...
    2018-05-08T13:42:30.3770443Z INFO : System Property Check: NotInvincea - PASSED
    2018-05-08T13:42:30.4404047Z INFO : Running System Property Check: NotMessageRelay ...
    2018-05-08T13:42:30.4404047Z INFO : RMS is not installed on the endpoint
    2018-05-08T13:42:30.4404047Z INFO : System Property Check: NotMessageRelay - PASSED
    2018-05-08T13:42:30.5037651Z INFO : Running System Property Check: NotNac ...
    2018-05-08T13:42:30.5037651Z INFO : System Property Check: NotNac - PASSED
    2018-05-08T13:42:30.5671255Z INFO : Running System Property Check: NotPatch ...
    2018-05-08T13:42:30.5671255Z INFO : System Property Check: NotPatch - PASSED
    2018-05-08T13:42:30.6304859Z INFO : Running System Property Check: NotPureMessageDomino ...
    2018-05-08T13:42:30.6304859Z INFO : System Property Check: NotPureMessageDomino - PASSED
    2018-05-08T13:42:30.6938463Z INFO : Running System Property Check: NotPureMessageExchangeWithAntiSpam ...
    2018-05-08T13:42:30.6938463Z INFO : System Property Check: NotPureMessageExchangeWithAntiSpam - PASSED
    2018-05-08T13:42:30.7572067Z INFO : Running System Property Check: NotSharePoint ...
    2018-05-08T13:42:30.7572067Z INFO : System Property Check: NotSharePoint - PASSED
    2018-05-08T13:42:30.8205671Z INFO : Running System Property Check: NotSecServer ...
    2018-05-08T13:42:30.8205671Z INFO : System Property Check: NotSecServer - PASSED
    2018-05-08T13:42:30.8839275Z INFO : Running System Property Check: NotSum ...
    2018-05-08T13:42:30.8839275Z INFO : System Property Check: NotSum - PASSED
    2018-05-08T13:42:30.9472879Z INFO : Running System Property Check: NotTamperProtected ...
    2018-05-08T13:42:30.9472879Z INFO : Sophos Endpoint Defense is not installed
    2018-05-08T13:42:30.9472879Z INFO : System Property Check: NotTamperProtected - PASSED
    2018-05-08T13:42:31.0106483Z INFO : Running System Property Check: RAMSize ...
    2018-05-08T13:42:31.0106483Z INFO : System Property Check: RAMSize - PASSED
    2018-05-08T13:42:31.0740087Z INFO : Running System Property Check: SupportedOS ...
    2018-05-08T13:42:31.0740087Z INFO : Running on workstation.
    2018-05-08T13:42:31.0740087Z INFO : System Property Check: SupportedOS - PASSED
    2018-05-08T13:42:31.1373691Z INFO : Running System Property Check: ValidTempDirectory ...
    2018-05-08T13:42:31.1373691Z INFO : Temp folder exists.
    2018-05-08T13:42:31.1373691Z INFO : System Property Check: ValidTempDirectory - PASSED
    2018-05-08T13:42:31.2007295Z INFO : Running System Property Check: ValidServer ...
    2018-05-08T13:42:31.2007295Z INFO : System Property Check: ValidServer - PASSED
    2018-05-08T13:42:31.2640899Z INFO : Running System Property Check: ValidDeploymentInfo ...
    2018-05-08T13:42:31.2640899Z INFO : Current Time: 2018-05-08T13:42:31.264000
    2018-05-08T13:42:31.2640899Z INFO : This computer is part of the domain UA
    2018-05-08T13:42:31.2640899Z INFO : Domain Name: UA
    2018-05-08T13:42:31.2640899Z INFO : Computer Name: PC0666
    2018-05-08T13:42:31.2640899Z INFO : Computer Description is not available.
    2018-05-08T13:42:31.2640899Z INFO : Operating System: WIN7
    2018-05-08T13:42:31.2640899Z INFO : ProductType: 48
    2018-05-08T13:42:31.2640899Z INFO : Last logged on user was: UA\\lionel.barba
    2018-05-08T13:42:31.2640899Z INFO : Fully Qualified Domain Name: PC0666.ua.com.ar
    2018-05-08T13:42:31.2640899Z INFO : Processor architecture: x64
    2018-05-08T13:42:31.2640899Z INFO : OS Major Version: 6 and OS Minor Version: 1
    2018-05-08T13:42:31.2640899Z INFO : Friendly OS Name: WIN7
    2018-05-08T13:42:31.2640899Z INFO : Is server?: 0
    2018-05-08T13:42:31.2640899Z INFO : Sending HTTP 'POST' request to: sophos/management/ep/install/deployment-info
    2018-05-08T13:42:31.2799300Z WARNING : WinHttpGetProxyForUrl returned: 12180
    2018-05-08T13:42:31.2799300Z INFO : Attempting to connect using proxy '' of type 'Empty Proxy'.
    2018-05-08T13:42:31.2799300Z INFO : Set security protocol: 00000800
    2018-05-08T13:42:31.2799300Z INFO : Opening connection to dzr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sophos.com
    2018-05-08T13:42:31.2799300Z INFO : Sending request for connection confirmation through potential proxy
    2018-05-08T13:42:31.2799300Z INFO : Request content size: 0
    2018-05-08T13:42:31.9452142Z INFO : ValidateFileCertificateCheck: Validate certificate against file on WINHTTP_CALLBACK_STATUS_SENDING_REQUEST
    2018-05-08T13:42:31.9452142Z INFO : Subject certificate failed validation against root CA: SophosCA1
    2018-05-08T13:42:31.9452142Z INFO : Subject certificate failed validation against root CA: SophosCA2
    2018-05-08T13:42:31.9610543Z INFO : Subject certificate failed validation against root CA: Sophos SHA256 MCS Root CA3
    2018-05-08T13:42:31.9610543Z INFO : Subject certificate failed validation against root CA: Sophos SHA256 MCS Root CA4
    2018-05-08T13:42:31.9610543Z ERROR : Terminating http connection.
    2018-05-08T13:42:31.9610543Z ERROR : WinHttpSendRequest failed with certificate check failure and error 12017
    2018-05-08T13:42:31.9610543Z INFO : Failed to connect using proxy '' with error: WinHttpSendRequest failed: certificate check failure
    2018-05-08T13:42:31.9610543Z ERROR : HTTP error: Failed to connect with any proxy: certificate check failure
    2018-05-08T13:42:31.9610543Z ERROR : System Property Check: ValidDeploymentInfo - FAILED
    2018-05-08T13:42:32.0244147Z INFO : Running System Property Check: InstallationInProgress ...
    2018-05-08T13:42:32.0244147Z INFO : System Property Check: InstallationInProgress - PASSED
    2018-05-08T13:42:32.0877751Z INFO : Running System Property Check: SafeGuardEncryption ...
    2018-05-08T13:42:32.0877751Z INFO : Entered installedProductCode, upgradeCode={BA2F47D3-1C17-40E7-8DE7-1CD733442B6C}
    2018-05-08T13:42:32.0877751Z INFO : Product is not installed
    2018-05-08T13:42:32.0877751Z INFO : Entered installedProductCode, upgradeCode={C48CCEDE-A264-411F-AB82-BC9D67B8344B}
    2018-05-08T13:42:32.0877751Z INFO : Product is not installed
    2018-05-08T13:42:32.0877751Z INFO : licensesContainFeature(FILE_ENCRYPTION): false
    2018-05-08T13:42:32.0877751Z INFO : licensesContainFeature(DEVICE_ENCRYPTION): false
    2018-05-08T13:42:32.0877751Z INFO : System Property Check: SafeGuardEncryption - PASSED

  • Hello Lionel14,

    it says the certificate check fails when connecting to dzr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sophos.com - when you browse to this site, do you get a valid certificate or is the issuer one of the four listed in the log?

    Christian

  • QC said:
    it says the certificate check fails when connecting to dzr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sophos.com - when you browse to this site, do you get a valid certificate or is the issuer one of the four listed in the log?

     

    Yes, and I do not know why this happens, but we have this same problem. I would really appreciate it if you have all the rules or web connections we need to put in the FW to not have this problem.

    Thanks for all your help

  • Hello Lionel14,

    Yes
    yes you get a connection or yes you get a certificate error?
    There's a recent thread with a similar issue but there a proxy seems to be involved. Maybe can give you helpful advice as I don't know how it's supposed to work.

    Christian

  • Hi Christian,

    Sorry for the mistake. We didn't have a connection to these URLs. I talked to our network admin and he can't see any alert or block for these certificates, but he was working around the URLs you showed me in the log (he didn't tell me what he did), and right now I can download the endpoint protection client onto the terminals. He tells me it's a rare issue because we don't have a block in our FW for these links or certificates. What I think can cause problems is that we have the HTTP/HTTPS inspector active, but I do not think that is the problem since we have this problem with no other service, but I do not know if it is related.

    My fear is that the same thing happens again. Could you check if there is a problem with this? I saw the other post and they seem to have the same problem and reported it at almost the same time as me.

    Thanks

  • Hello,

    Which Firewall are you using? It looks like SSL inspection might be responsible here.

    Stephen
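
The reading of the installer log that Christian and Stephen give above, as an added example that is not part of the original posts and is not Sophos code: it groups the log by contacted host and flags a host whose presented certificate was rejected by every root CA the installer checks. The function names `triage` and `verdict` and the verdict labels are hypothetical, and the sample lines are an excerpt of the log posted in this thread.

```python
import re

# Excerpt copied from the installer log posted in this thread.
SAMPLE_LOG = """\
2018-05-08T13:42:23.4549206Z INFO : Opening connection to downloads.sophos.com
2018-05-08T13:42:25.5458138Z INFO : Response status code: 200
2018-05-08T13:42:31.2799300Z WARNING : WinHttpGetProxyForUrl returned: 12180
2018-05-08T13:42:31.2799300Z INFO : Attempting to connect using proxy '' of type 'Empty Proxy'.
2018-05-08T13:42:31.2799300Z INFO : Opening connection to dzr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sophos.com
2018-05-08T13:42:31.9452142Z INFO : Subject certificate failed validation against root CA: SophosCA1
2018-05-08T13:42:31.9452142Z INFO : Subject certificate failed validation against root CA: SophosCA2
2018-05-08T13:42:31.9610543Z INFO : Subject certificate failed validation against root CA: Sophos SHA256 MCS Root CA3
2018-05-08T13:42:31.9610543Z INFO : Subject certificate failed validation against root CA: Sophos SHA256 MCS Root CA4
2018-05-08T13:42:31.9610543Z ERROR : WinHttpSendRequest failed with certificate check failure and error 12017
2018-05-08T13:42:31.9610543Z ERROR : System Property Check: ValidDeploymentInfo - FAILED
"""

# WinHTTP error codes that appear in the log (names from winhttp.h).
WINHTTP = {12017: "ERROR_WINHTTP_OPERATION_CANCELLED",
           12180: "ERROR_WINHTTP_AUTODETECTION_FAILED"}
LINE = re.compile(r"^\s*\S+Z\s+[A-Z]+\s*:\s?(.*)$")
PROXY = re.compile(r"^Attempting to connect using proxy '([^']*)'")
HOST = re.compile(r"^Opening connection to (\S+)$")
STATUS = re.compile(r"^Response status code: (\d+)$")
ROOT = re.compile(r"^Subject certificate failed validation against root CA: (.+)$")
CERTFAIL = re.compile(r"certificate check failure and error (\d+)$")
CHECK = re.compile(r"^System Property Check: (\w+) - FAILED$")

def triage(log_text):
    """Group the log by contacted host and collect failed property checks."""
    hosts, failed_checks, cur, proxy = [], [], None, None
    for raw in log_text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue  # "Started ..." lines carry no timestamp or level
        msg = line.group(1).strip()
        if m := CHECK.match(msg):
            failed_checks.append(m.group(1))
        elif m := PROXY.match(msg):
            proxy = m.group(1) or None  # '' means a direct connection
        elif m := HOST.match(msg):
            cur = {"host": m.group(1), "proxy": proxy, "status": None,
                   "rejected_roots": [], "winhttp_error": None}
            hosts.append(cur)
        elif cur is not None:
            if m := STATUS.match(msg):
                cur["status"] = int(m.group(1))
            elif m := ROOT.match(msg):
                cur["rejected_roots"].append(m.group(1))
            elif m := CERTFAIL.search(msg):
                cur["winhttp_error"] = int(m.group(1))
    return {"hosts": hosts, "failed_checks": failed_checks}

def verdict(entry):
    """Heuristic: all checked roots rejected means the chain is not Sophos-issued."""
    if entry["rejected_roots"] and entry["winhttp_error"] is not None:
        return "pinned-root-mismatch"
    return "ok" if entry["status"] == 200 else "inconclusive"

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for e in report["hosts"]:
        print(e["host"], verdict(e), WINHTTP.get(e["winhttp_error"]))
    print("failed checks:", report["failed_checks"])
```

A `pinned-root-mismatch` on a direct connection (no proxy) is the pattern to expect when a perimeter device re-signs HTTPS traffic, which is why the affected host is the one to compare against the firewall's HTTPS inspection exceptions.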

  • StephenMcKay said:

    Hello,

    Which Firewall are you using? It looks like SSL inspection might be responsible here.

    Stephen

     

    Hello Stephen,

     

    We are using Check Point. Thanks for your observation; the only thing that seems strange to me is that I did not make any changes, but the problem appeared anyway.
    For the moment our network administrator solved the problem according to the tests and analysis of the log that Christian sent us, but as he said to him, the only fear we have is that this will fail again and we will be unable to install or update the endpoint protection. It would be good if you check on your side if there was not any change in the way to contact and verify the certificates.

    Anyway, the problem is solved, a thousand thanks to both.