In mid-December we upgraded from 9.5 to 10.0. In early January, as our financial geeks cranked up their workload, we discovered that something with Endpoint 10.0 caused logins to our Oracle Fusion workplace website to lock up the Internet Explorer session during login. .
After dozens of hours of troubleshooting - including a support case with Sophos (where absolutely nothing was determined), the only thing that worked was to bring up a 2nd Enterprise console with 9.5 installed and roll the users of the Oracle web fusion site back to a previous version and hope that Oracle updates some of their 3-generations behind the rest of the world code before 9.x is EOL'd by Sophos.
One of our workstations used to test on had Sophos 9.5, upgraded to 10.0, then Sohos was uninstalled. Now no version will install.
Part of the install is completed - the Autoupdate gets installed and the service started, but when the SAV install runs, it fails with a 00000067 "Failed to install SAVXP. The MSI has failed".
In the SAV install log we see:
MSI (s) (C8:20) [07:00:55:914]: Note: 1: 1722 2: InstallClassFilterX64Vista 3: C:\Windows\SysWOW64\ 4: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\NATIVE.EXE /lhi "C:\ProgramData\Sophos\AutoUpdate\cache\savxp\ClassFilterDrivers\AMD64\SDCFILTER.INF"
CustomAction InstallClassFilterX64Vista returned actual error code -1077 (note this may not be 100% accurate if translation happened inside sandbox)
MSI (s) (C8:20) [07:00:55:914]: Product: Sophos Anti-Virus -- Error 1722.There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action InstallClassFilterX64Vista, location: C:\Windows\SysWOW64\, command: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\NATIVE.EXE /lhi "C:\ProgramData\Sophos\AutoUpdate\cache\savxp\ClassFilterDrivers\AMD64\SDCFILTER.INF"
When the Native.exe runs, Windows briefly pops up one of those "Something needs your attention" notifications on the task bar, but if you open it, it says that the item no longer requires your attention.
The Custom Actions log doesn't seem remarkable - but does show:
2012-01-25 07:00:56 SetUpdateFailed: Unable to create an instance of ComponentManager - SystemInformation cannot be informed of end of update
2012-01-25 07:00:56 SetUpdateFailed: Action succeeded
Subsequent installation tries (on the autoupdate schedule - every 20 minutes) show pretty much the same thing.
From previous threads, I see where this might be related to an botched/incomplete uninstall of an older product - however - I've done as complete an uninstall as I know how to do - restarted the machine, removed remaining files, folders, etc. Even cleaned out the App_Init reg keys and deleted those pesky sophos_detoured dll files.
Yet, the SAV install log still shows a line:
Property(S): UNINSTALLERROR = An older version of Sophos Anti-Virus has not been fully removed from your machine. Please reboot your machine before attempting to install Sophos Anti-Virus.
I could just re-deploy the workstation - but it's got a ton of stuff installed on it that would be a royal pain to rebuild.
I do have an open case with Sophos - however they've not given me any new updates in over a week - so I'm sure it's just idling on someones backburner because it's only a single machine.
Does anyone have an idea? If you manually try to run the .INF file that the Native.exe process runs - while watching process monitor - you see access denied to windows\system32 and various subfolders within ....however, comparing permissions with other Windows 7 machines - I find nothing to fix.
Thanks in advance for any suggestions.
This thread was automatically locked due to age.
