This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos SAVAdminService and SavService being removed and re-installed

I have a strange problem with a P.C. on the network it is constantly removing and reinstalling SavAdmin and SavService, I get EVEREST reports (of software changes) every 30 minutes like this :

* Service removed: SAVAdminService,Sophos Anti-Virus status reporter,SAVAdminService.exe,9.5.4.9570
* Service removed: SAVService,Sophos Anti-Virus,SavService.exe,9.5.0.9530

* New service installed: SAVAdminService,Sophos Anti-Virus status reporter,SAVAdminService.exe,9.5.4.9570
* New service installed: SAVService,Sophos Anti-Virus,SavService.exe,9.5.0.9530

then another :

* Service removed: SAVAdminService,Sophos Anti-Virus status reporter,SAVAdminService.exe,9.5.4.9570
* Service removed: SAVService,Sophos Anti-Virus,SavService.exe,9.5.0.9530

* New service installed: SAVAdminService,Sophos Anti-Virus status reporter,SAVAdminService.exe,9.5.4.9570
* New service installed: SAVService,Sophos Anti-Virus,SavService.exe,9.5.0.9530

Any ideas what is causing this, Sophos endpoint is configured to update the clients every 30 minutes but no other P.C.s are doing this.

This thread was automatically locked due to age.

Parents

0 jak over 13 years ago

HI,

That shows that SAV is failing to install, which explains what you report, SAU keeps trying to install it every 30 minutes and it fails each time.

The lines of interest are:

MSI (s) (DC:08) [06:45:41:429]: Executing op: FileCopy(SourceName=TAMPER~1.DLL|TamperProtectionControl.dll,SourceCabKey=tamperprotectioncontrol.dll,DestName=TamperProtectionControl.dll,Attributes=8192,FileSize=44784,PerTick=32768,,VerifyMedia=1,,,,,CheckCRC=0,Version=9.5.0.9530,Language=1033,InstallMode=126091264,,,,,,,)
MSI (s) (DC:08) [06:45:41:429]: File: C:\Program Files\Sophos\Sophos Anti-Virus\TamperProtectionControl.dll;	Won't Overwrite;	Won't patch;	Existing file is of an equal version
MSI (s) (DC:08) [06:45:41:429]: Executing op: FileCopy(SourceName=TAMPER~2.DLL|TamperProtectionManagement.dll,SourceCabKey=tamperprotectionmanagement.d,DestName=TamperProtectionManagement.dll,Attributes=8192,FileSize=110832,PerTick=32768,,VerifyMedia=1,,,,,CheckCRC=0,Version=9.5.0.9530,Language=1033,InstallMode=126091264,,,,,,,)
MSI (s) (DC:08) [06:45:56:163]: File: C:\Program Files\Sophos\Sophos Anti-Virus\TamperProtectionManagement.dll;	To be installed;	Won't patch;	No existing file
MSI (s) (DC:08) [06:45:56:163]: Source for file 'TamperProtectionManagement.dll' is uncompressed, at 'C:\Program Files\Sophos\AutoUpdate\cache\savxp\program files\Sophos\Sophos Anti-Virus\'.
MSI (s) (DC:08) [06:46:45:211]: Note: 1: 2318 2: C:\Program Files\Sophos\Sophos Anti-Virus\TamperProtectionManagement.dll 
MSI (s) (DC:08) [06:47:14:618]: Note: 1: 1310 2: 23 3: C:\Program Files\Sophos\Sophos Anti-Virus\TamperProtectionManagement.dll 
MSI (s) (DC:08) [06:47:14:633]: Product: Sophos Anti-Virus -- Error 1310.Error writing to file: C:\Program Files\Sophos\Sophos Anti-Virus\TamperProtectionManagement.dll.  System error 23.  Verify that you have access to that directory.

Can you try renaming the file referenced (C:\Program Files\Sophos\Sophos Anti-Virus\TamperProtectionManagement.dll ) and force another update? Do you get a problem with the same file in the next log file generated?

I also notice, you're installing 9.5, which is a bit old. There was 9.7 and now SAV 10. So it might be worth uninstalling and starting again on the latest but try the above first. It may trip up on another file of course but the next log should reveal all.

Regards,

Jak

Reply

0 jak over 13 years ago

HI,

That shows that SAV is failing to install, which explains what you report, SAU keeps trying to install it every 30 minutes and it fails each time.

The lines of interest are:

MSI (s) (DC:08) [06:45:41:429]: Executing op: FileCopy(SourceName=TAMPER~1.DLL|TamperProtectionControl.dll,SourceCabKey=tamperprotectioncontrol.dll,DestName=TamperProtectionControl.dll,Attributes=8192,FileSize=44784,PerTick=32768,,VerifyMedia=1,,,,,CheckCRC=0,Version=9.5.0.9530,Language=1033,InstallMode=126091264,,,,,,,)
MSI (s) (DC:08) [06:45:41:429]: File: C:\Program Files\Sophos\Sophos Anti-Virus\TamperProtectionControl.dll;	Won't Overwrite;	Won't patch;	Existing file is of an equal version
MSI (s) (DC:08) [06:45:41:429]: Executing op: FileCopy(SourceName=TAMPER~2.DLL|TamperProtectionManagement.dll,SourceCabKey=tamperprotectionmanagement.d,DestName=TamperProtectionManagement.dll,Attributes=8192,FileSize=110832,PerTick=32768,,VerifyMedia=1,,,,,CheckCRC=0,Version=9.5.0.9530,Language=1033,InstallMode=126091264,,,,,,,)
MSI (s) (DC:08) [06:45:56:163]: File: C:\Program Files\Sophos\Sophos Anti-Virus\TamperProtectionManagement.dll;	To be installed;	Won't patch;	No existing file
MSI (s) (DC:08) [06:45:56:163]: Source for file 'TamperProtectionManagement.dll' is uncompressed, at 'C:\Program Files\Sophos\AutoUpdate\cache\savxp\program files\Sophos\Sophos Anti-Virus\'.
MSI (s) (DC:08) [06:46:45:211]: Note: 1: 2318 2: C:\Program Files\Sophos\Sophos Anti-Virus\TamperProtectionManagement.dll 
MSI (s) (DC:08) [06:47:14:618]: Note: 1: 1310 2: 23 3: C:\Program Files\Sophos\Sophos Anti-Virus\TamperProtectionManagement.dll 
MSI (s) (DC:08) [06:47:14:633]: Product: Sophos Anti-Virus -- Error 1310.Error writing to file: C:\Program Files\Sophos\Sophos Anti-Virus\TamperProtectionManagement.dll.  System error 23.  Verify that you have access to that directory.

Regards,

Jak

Children

No Data