Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 9 subscribers
  • Views 6909 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos installation failed on Windows 10

Danny Boy

Hi,


I have an issue installing Sophos AV on my Windows 10 computer. 

Installation down without error but when I check it, Sophos was greyed and not able to open it.

Also checked on Control Panel and found no Sophos Antivirus installed. 

Anyone can help? Is it related with Windows Defender?

 

Thanks.



This thread was automatically locked due to age.
Parents
  • 0

    We need to see the SAV MSI install log and custom action log.  The file names will have the same timestamp to show the pair.

    It will either be in \windows\temp\ or %temp% depending on who was running the installer.

    Regards,
    Jak

  • 0 in reply to jak

    Jak,

     

    Refer below:

     

    Sophos AV installation Log

    =================

    2018-11-22 16:08:32 Unable to delete registry value: SOFTWARE\Sophos\AutoUpdate\UpdateStatus\CrtResult, assuming it does not exist
    2018-11-22 16:08:32 INFO: Unable to find the CRT directory, continuing with installation.
    2018-11-22 16:08:32 PROCESSOR_ARCHITECTURE environment variable is: AMD64
    2018-11-22 16:08:32 Info: Logging started: installing/upgrading Sophos Anti-Virus
    2018-11-22 16:08:32 Info: InstallFromPath is: C:\ProgramData\Sophos\AutoUpdate\cache\savxp\
    2018-11-22 16:08:32 Info: InstallToPath is:
    2018-11-22 16:08:32 Info: SAV is not installed. Installing to {InstallToPath}
    2018-11-22 16:08:32 INFO: Checking the validity of the VDL manifest file.
    2018-11-22 16:08:33 INFO: The manifest file has been successfully validated.
    2018-11-22 16:08:33 INFO: Checking the validity of the AppFeed manifest file.
    2018-11-22 16:08:33 INFO: The manifest file has been successfully validated.
    2018-11-22 16:08:33 ERROR: Install threw std::exception: FeatureSet(): CoCreateInstance failed

     

    Custom action Log

    ===========

    2018-11-19 17:38:01 ExtractClassicConfig: Action started
    2018-11-19 17:38:01 ExtractClassicConfig: Action succeeded
    2018-11-19 17:38:02 PreInstallChecks: Action started
    2018-11-19 17:38:02 PreInstallChecks: Action succeeded
    2018-11-19 17:38:02 SetBootDriverStartupProperty: Action started
    2018-11-19 17:38:02 SetBootDriverStartupProperty: Error getting boot driver status (0x80070005)
    2018-11-19 17:38:02 SetBootDriverStartupProperty: Action failed

     

    Regards.

  • 0 in reply to Danny Boy

    This is most significant:
    "ERROR: Install threw std::exception: FeatureSet(): CoCreateInstance failed"

    Given that log, the version of SAV isn't the very latest.  I see a little more logging around this, you may need to subscribe to the EAP in Central to get that version though.

    2018-11-20 20:00:05 INFO: The manifest file has been successfully validated.
    2018-11-20 20:00:05 Info: Managed install (from SAU)
    2018-11-20 20:00:05 Info: MSXML6 is installed

    Either way, I think FeatureSet call is trying to create an instance of MSXML3 (possibly 2) to load VVF.xml.  Running Process Monitor would reveal if this is what is happening.

    You could ensure that msxml2/3 are registered using regsvr32.  Other than that, I've seen a similar issue if the global atom table for the System process in a non interactive session has been depleted.  This would only be an issue if it was AutoUpdate installing SAV as this would be being installed as SYSTEM in a non interactive session. 

    If this is Sophos Central and you are running the Central installer, then SAV is first installed as the logged on user so this can't be the cause at least for the initial install.

    Was this failure when AutoUpdate failed to install SAV or when the Central Installer failed to install SAV?

    If SAU was installed SAV, then these logs would have come from \windows\temp\.  If the Central installer was installing SAV they would be from %temp%, i.e the temp directory of the installing user.  Knowing which user was trying to install SAV is important for the global atom table theory.

    If you restart the computer and immediately re-try does it work?  If so, I suspect there is a process running as system, in a non interactive session that is exhausting the global atom table which caused the issue.

    Regards,
    Jak

Reply
  • 0 in reply to Danny Boy

    This is most significant:
    "ERROR: Install threw std::exception: FeatureSet(): CoCreateInstance failed"

    Given that log, the version of SAV isn't the very latest.  I see a little more logging around this, you may need to subscribe to the EAP in Central to get that version though.

    2018-11-20 20:00:05 INFO: The manifest file has been successfully validated.
    2018-11-20 20:00:05 Info: Managed install (from SAU)
    2018-11-20 20:00:05 Info: MSXML6 is installed

    Either way, I think FeatureSet call is trying to create an instance of MSXML3 (possibly 2) to load VVF.xml.  Running Process Monitor would reveal if this is what is happening.

    You could ensure that msxml2/3 are registered using regsvr32.  Other than that, I've seen a similar issue if the global atom table for the System process in a non interactive session has been depleted.  This would only be an issue if it was AutoUpdate installing SAV as this would be being installed as SYSTEM in a non interactive session. 

    If this is Sophos Central and you are running the Central installer, then SAV is first installed as the logged on user so this can't be the cause at least for the initial install.

    Was this failure when AutoUpdate failed to install SAV or when the Central Installer failed to install SAV?

    If SAU was installed SAV, then these logs would have come from \windows\temp\.  If the Central installer was installing SAV they would be from %temp%, i.e the temp directory of the installing user.  Knowing which user was trying to install SAV is important for the global atom table theory.

    If you restart the computer and immediately re-try does it work?  If so, I suspect there is a process running as system, in a non interactive session that is exhausting the global atom table which caused the issue.

    Regards,
    Jak

Children
No Data
Unfiltered HTML