sophos services not running

Its current value is 'C:\ProgramData\Sophos\Sophos System Protection\Logs'. Compare Sophos Endpoint Protection VS ngrok and find out what's different, what people are saying, and what are their alternatives . DLL: C:\Windows\Installer\MSI672B.tmp, Entrypoint: RequestUnrestrictedSSPSidMSI (s) (24:B8) [16:21:07:376]: Executing op: ActionStart(Name=ApplyPermissionsToFolders,,)RequestUnrestrictedSSPSid: Initialized.MSI (s) (24:B8) [16:21:07:376]: Executing op: CustomActionSchedule(Action=ApplyPermissionsToFolders,ActionType=1025,Source=BinaryData,Target=ApplyPermissionsToFolders,CustomActionData=C:\ProgramData\Sophos\Sophos System Protection\|C:\ProgramData\Sophos\Sophos System Protection\Logs\|C:\ProgramData\Sophos\Sophos System Protection\Config\|C:\ProgramData\Sophos\Sophos System Protection\Data\)MSI (s) (24:8C) [16:21:07:395]: Invoking remote custom action. Its value is '200'.MSI (s) (24:B8) [16:21:01:328]: SHELL32::SHGetFolderPath returned: C:\Windows\system32\config\systemprofile\AppData\RoamingMSI (s) (24:B8) [16:21:01:329]: SHELL32::SHGetFolderPath returned: C:\Windows\system32\config\systemprofile\FavoritesMSI (s) (24:B8) [16:21:01:330]: SHELL32::SHGetFolderPath returned: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network ShortcutsMSI (s) (24:B8) [16:21:01:331]: SHELL32::SHGetFolderPath returned: C:\Windows\system32\config\systemprofile\DocumentsMSI (s) (24:B8) [16:21:01:332]: SHELL32::SHGetFolderPath returned: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer ShortcutsMSI (s) (24:B8) [16:21:01:333]: SHELL32::SHGetFolderPath returned: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\RecentMSI (s) (24:B8) [16:21:01:334]: SHELL32::SHGetFolderPath returned: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendToMSI (s) (24:B8) [16:21:01:335]: SHELL32::SHGetFolderPath returned: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\TemplatesMSI (s) (24:B8) [16:21:01:335]: SHELL32::SHGetFolderPath returned: C:\ProgramDataMSI (s) (24:B8) [16:21:01:336]: SHELL32::SHGetFolderPath returned: C:\Windows\system32\config\systemprofile\AppData\LocalMSI (s) (24:B8) [16:21:01:337]: SHELL32::SHGetFolderPath returned: C:\Windows\system32\config\systemprofile\PicturesMSI (s) (24:B8) [16:21:01:339]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative ToolsMSI (s) (24:B8) [16:21:01:340]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartupMSI (s) (24:B8) [16:21:01:341]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\ProgramsMSI (s) (24:B8) [16:21:01:342]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start MenuMSI (s) (24:B8) [16:21:01:342]: SHELL32::SHGetFolderPath returned: C:\Users\Public\DesktopMSI (s) (24:B8) [16:21:01:344]: SHELL32::SHGetFolderPath returned: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative ToolsMSI (s) (24:B8) [16:21:01:345]: SHELL32::SHGetFolderPath returned: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartupMSI (s) (24:B8) [16:21:01:346]: SHELL32::SHGetFolderPath returned: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\ProgramsMSI (s) (24:B8) [16:21:01:347]: SHELL32::SHGetFolderPath returned: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start MenuMSI (s) (24:B8) [16:21:01:348]: SHELL32::SHGetFolderPath returned: C:\Windows\system32\config\systemprofile\DesktopMSI (s) (24:B8) [16:21:01:350]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\TemplatesMSI (s) (24:B8) [16:21:01:350]: SHELL32::SHGetFolderPath returned: C:\Windows\FontsMSI (s) (24:B8) [16:21:01:350]: Note: 1: 2898 2: MS Sans Serif 3: MS Sans Serif 4: 0 5: 16 MSI (s) (24:B8) [16:21:01:356]: MSI_LUA: Setting MsiRunningElevated property to 1 because the install is already running elevated.MSI (s) (24:B8) [16:21:01:356]: PROPERTY CHANGE: Adding MsiRunningElevated property. Is this a new function witch come with an update? Disclaimer: This informationis posted as-is and the content should be referenced at your own risk. Return value 1.MSI (s) (24:B8) [16:21:07:200]: PROPERTY CHANGE: Adding StartSspServiceRollback property. Reconfiguration success or error status: 0. Product and Environment Sophos Endpoint Self Help Tool Related information Start all Sophos services. Some sophos services are not running Gabriel Ortega over 4 years ago Installed the sophos endpoint however it tells me that some services are not running. Its value is '{1093B57D-A613-47F3-90CF-0FD5C5DCFFE6}'.MSI (s) (24:B8) [16:21:07:207]: SOURCEDIR ==> C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\ssp\MSI (s) (24:B8) [16:21:07:207]: SOURCEDIR product ==> {1093B57D-A613-47F3-90CF-0FD5C5DCFFE6}MSI (s) (24:B8) [16:21:07:208]: SECREPAIR: CryptAcquireContext succeededMSI (s) (24:B8) [16:21:07:208]: Determining source typeMSI (s) (24:B8) [16:21:07:208]: Source type from package 'SophosSystemProtection.msi': 0MSI (s) (24:B8) [16:21:07:208]: SECREPAIR: Hash Database: C:\Windows\Installer\SourceHash{1093B57D-A613-47F3-90CF-0FD5C5DCFFE6}MSI (s) (24:B8) [16:21:07:222]: SECREPAIR: filename: SophosSystemProtection.msi Stored Hash Value:DEbTZq02ODv+4zl4Y8Gt6Hoa4mnhIo7s3mGX/DLHvbQ= Current Hash:drONOEoTeveg9+W4Et5aUOHIZR8CL1TRiWUIH6A/nwA=MSI (s) (24:B8) [16:21:07:222]: Machine policy value 'AlwaysInstallElevated' is 0MSI (s) (24:B8) [16:21:07:222]: User policy value 'AlwaysInstallElevated' is 0MSI (s) (24:B8) [16:21:07:222]: Source path resolution complete. Return value 1.Action start 16:21:07: SetupShsUserAccountRollback.MSI (s) (24:B8) [16:21:07:197]: Doing action: SetupShsUserAccount.SetPropertyMSI (s) (24:B8) [16:21:07:197]: Note: 1: 2205 2: 3: ActionText Action ended 16:21:07: SetupShsUserAccountRollback. Its value is 'VOMUS'.MSI (s) (24:B8) [16:21:01:323]: PROPERTY CHANGE: Adding INSTALLINGVERSION property. Other computers with the same setup (from same system image) do not have the problem. Welcome to the Snap! Return value 0.Action start 16:21:07: RegisterProduct.MSI (s) (24:B8) [16:21:07:207]: Re-registering product - performing upgrade of existing installation.MSI (s) (24:B8) [16:21:07:207]: Resolving source.MSI (s) (24:B8) [16:21:07:207]: Resolving source to launched-from source.MSI (s) (24:B8) [16:21:07:207]: Setting launched-from source as last-used.MSI (s) (24:B8) [16:21:07:207]: PROPERTY CHANGE: Adding SourceDir property. EcholoN. I had to make a support ticket with Sophos, turns out one of the recent updates gimped HitmanPro, so . Its value is 'sophossps'.Action start 16:21:06: StopSspServiceRollback.SetProperty.MSI (s) (24:B8) [16:21:06:998]: Doing action: StopSspServiceRollbackMSI (s) (24:B8) [16:21:06:998]: Note: 1: 2205 2: 3: ActionText Action ended 16:21:06: StopSspServiceRollback.SetProperty. Return value 0.Action start 16:21:01: LaunchConditions.MSI (s) (24:B8) [16:21:01:361]: Doing action: ValidateProductIDMSI (s) (24:B8) [16:21:01:361]: Note: 1: 2205 2: 3: ActionText Action ended 16:21:01: LaunchConditions. Return value 1.MSI (s) (24:B8) [16:21:07:195]: PROPERTY CHANGE: Adding SetupShsUserAccountRollback property. 4 - Rebooting the Mac. Seems like there should be an easier fix! The local subnet defines the network resources that remote clients can access. The option was not intended as a fix, just as a way of getting more information about which services were missing on each client to see if there was a common theme. Letjen. When the connection is up and running i can start MSTSC from my local windows 11 and connect to the server and take over the session. The availability of components is controlled with your Sophos Update Manager subscription. This will at least give you the information. Jakarta +62 21 23585781. I think you could have just waited for the next update or force an "update now" from the UI and AutoUpdate would have had another retry at installing the SAV component. Return value 1.Action start 16:21:07: InstallFiles.MSI (s) (24:B8) [16:21:07:053]: Note: 1: 2205 2: 3: Patch MSI (s) (24:B8) [16:21:07:053]: Note: 1: 2228 2: 3: Patch 4: SELECT `Patch`.`File_`, `Patch`.`Header`, `Patch`.`Attributes`, `Patch`.`Sequence`, `Patch`.`StreamRef_` FROM `Patch` WHERE `Patch`.`File_` = ? Connect with Sophos Support, get alerted, and be informed. Sign into your account, take a tour, or start a trial from here. Make sure, If running OS 10.13 and newer, ensure that you have. Its current value is '1'.MSI (s) (24:B8) [16:21:09:539]: Doing action: RegisterWithAutoUpdate.4D96E9F9_7E7B_4556_8D25_ABEE814FE4E0MSI (s) (24:B8) [16:21:09:539]: Note: 1: 2205 2: 3: ActionText Action ended 16:21:09: InstallFinalize. When you start a virtual machine, we use a change to the device name to determine whether you're starting a new clone. Return value 1.MSI (s) (24:B8) [16:21:07:190]: Doing action: SetupSspUserAccountRollback.SetPropertyVistaOrLaterMSI (s) (24:B8) [16:21:07:190]: Note: 1: 2205 2: 3: ActionText Action ended 16:21:07: SchedServiceConfig. Its value is 'INSTALL'.MSI (s) (24:B8) [16:21:01:357]: Doing action: INSTALLMSI (s) (24:B8) [16:21:01:357]: Note: 1: 2205 2: 3: ActionText Action start 16:21:01: INSTALL.MSI (s) (24:B8) [16:21:01:358]: Running ExecuteSequenceMSI (s) (24:B8) [16:21:01:358]: Doing action: FindRelatedProductsMSI (s) (24:B8) [16:21:01:358]: Note: 1: 2205 2: 3: ActionText MSI (s) (24:B8) [16:21:01:359]: Skipping FindRelatedProducts action: not run in maintenance modeAction start 16:21:01: FindRelatedProducts.MSI (s) (24:B8) [16:21:01:360]: Doing action: LaunchConditionsMSI (s) (24:B8) [16:21:01:360]: Note: 1: 2205 2: 3: ActionText Action ended 16:21:01: FindRelatedProducts. Its value is '1'.Action start 16:21:01: CostFinalize.MSI (s) (24:B8) [16:21:01:377]: Doing action: SetRegisterWithAutoUpdateMSI (s) (24:B8) [16:21:01:377]: Note: 1: 2205 2: 3: ActionText Action ended 16:21:01: CostFinalize. Installed the sophos endpoint however it tells me that some services are not running. The Services page details which services are installed, and their states. Return value 1.Action start 16:21:07: ApplyPermissionsToFoldersOnRollback.MSI (s) (24:B8) [16:21:07:031]: Doing action: RequestUnrestrictedSSPSidOnRollbackMSI (s) (24:B8) [16:21:07:031]: Note: 1: 2205 2: 3: ActionText Action ended 16:21:07: ApplyPermissionsToFoldersOnRollback. Return value 1.MSI (s) (24:B8) [16:21:07:191]: PROPERTY CHANGE: Adding SetupSspUserAccountRollback property. Its value is 'ALL'.MSI (s) (24:B8) [16:21:01:323]: PROPERTY CHANGE: Adding REINSTALLMODE property. Its value is 'C:\ProgramData\Sophos\Sophos System Protection\|C:\ProgramData\Sophos\Sophos System Protection\Logs\|C:\ProgramData\Sophos\Sophos System Protection\Config\|C:\ProgramData\Sophos\Sophos System Protection\Data\'.Action start 16:21:07: ApplyPermissionsToFoldersOnRollback.SetProperty.MSI (s) (24:B8) [16:21:07:027]: Doing action: ApplyPermissionsToFoldersOnRollbackMSI (s) (24:B8) [16:21:07:027]: Note: 1: 2205 2: 3: ActionText Action ended 16:21:07: ApplyPermissionsToFoldersOnRollback.SetProperty. Its installation always fail. Always get this, unless you use the self-installing executable.There are three versions that run as an MS-Windows application. Sophos Endpoint Agent is the problem. Its value is '5365f1866847d342987fdcfdf5230400'.MSI (s) (24:B8) [16:21:01:326]: RESTART MANAGER: Session opened.MSI (s) (24:B8) [16:21:01:326]: PROPERTY CHANGE: Adding MsiSystemRebootPending property. Return value 1.Action start 16:21:07: StartSspService.MSI (s) (24:B8) [16:21:07:205]: Doing action: RegisterUserMSI (s) (24:B8) [16:21:07:205]: Note: 1: 2205 2: 3: ActionText Action ended 16:21:07: StartSspService. Its value is 'NT SERVICE\sophossps;GENERIC_READ'.Action start 16:21:07: SetupShsUserAccount.SetProperty.MSI (s) (24:B8) [16:21:07:197]: Doing action: SetupShsUserAccountMSI (s) (24:B8) [16:21:07:197]: Note: 1: 2205 2: 3: ActionText Action ended 16:21:07: SetupShsUserAccount.SetProperty. Net start scvpn. Return value 1.MSI (s) (24:B8) [16:21:07:227]: Running Script: C:\Windows\Installer\MSI65AF.tmpMSI (s) (24:B8) [16:21:07:227]: PROPERTY CHANGE: Adding UpdateStarted property. Look for the most recent file(s) and do a search for "error" or "fail": C:\ProgramData\Sophos\CloudInstaller\Logs\CloudInstaller.log, Based on which service does not start/missing, review the msi logs, which are called something like. A recent update (I was notified when I logged into Central) changed that and lets it install from a local cache, though I'm not yet sure that's helping as much as it should. For each service 0 is running 1 is not. That said, If you open up the Developer Tools (Hit F12 in Chrome for Example). {ouX0Qc@+gh1]WZFRU)MSI (s) (24:B8) [16:21:09:422]: Executing op: ActionStart(Name=PublishProduct,Description=Publishing product information,)MSI (s) (24:B8) [16:21:09:422]: Executing op: IconCreate(Icon=sspIcon.ico,Data=BinaryData)MSI (s) (24:B8) [16:21:09:425]: Verifying accessibility of file: sspIcon.icoMSI (s) (24:B8) [16:21:09:448]: Note: 1: 2318 2: MSI (s) (24:B8) [16:21:09:458]: Executing op: PackageCodePublish(PackageKey={8A3EE444-F60F-44F2-B42C-14907395E0A6})MSI (s) (24:B8) [16:21:09:460]: Executing op: CleanupConfigData()MSI (s) (24:B8) [16:21:09:460]: Executing op: RegisterPatchOrder(Continue=0,SequenceType=1,Remove=0)MSI (s) (24:B8) [16:21:09:469]: Executing op: ProductPublishUpdate()MSI (s) (24:B8) [16:21:09:472]: Executing op: SourceListRegisterLastUsed(SourceProduct={1093B57D-A613-47F3-90CF-0FD5C5DCFFE6},LastUsedSource=C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\ssp\)MSI (s) (24:B8) [16:21:09:472]: Entering CMsiConfigurationManager::SetLastUsedSource.MSI (s) (24:B8) [16:21:09:472]: Specifed source is already in a list.MSI (s) (24:B8) [16:21:09:472]: User policy value 'SearchOrder' is 'nmu'MSI (s) (24:B8) [16:21:09:472]: Adding new sources is allowed.MSI (s) (24:B8) [16:21:09:472]: Set LastUsedSource to: C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\ssp\.MSI (s) (24:B8) [16:21:09:472]: Set LastUsedType to: n.MSI (s) (24:B8) [16:21:09:472]: Set LastUsedIndex to: 1.MSI (s) (24:B8) [16:21:09:473]: Executing op: End(Checksum=0,ProgressTotalHDWord=0,ProgressTotalLDWord=6630819)MSI (s) (24:B8) [16:21:09:478]: User policy value 'DisableRollback' is 0MSI (s) (24:B8) [16:21:09:478]: Machine policy value 'DisableRollback' is 0MSI (s) (24:B8) [16:21:09:524]: Note: 1: 2318 2: MSI (s) (24:B8) [16:21:09:528]: Note: 1: 2318 2: MSI (s) (24:B8) [16:21:09:530]: No System Restore sequence number for this installation.MSI (s) (24:B8) [16:21:09:530]: Unlocking ServerMSI (s) (24:B8) [16:21:09:538]: PROPERTY CHANGE: Deleting UpdateStarted property. 2. To continue this discussion, please ask a new question. Sometimes, after installing Sophos Endpoint on a machine, some Sophos services requiring system-level access to detect and clean threats do not get granted automatically. DLL: C:\Windows\Installer\MSI6FBA.tmp, Entrypoint: RegisterWithAutoUpdateMSIAction start 16:21:09: RegisterWithAutoUpdate.4D96E9F9_7E7B_4556_8D25_ABEE814FE4E0.MSI (s) (24:B8) [16:21:09:575]: Skipping action: UnregisterWithAutoUpdate.4D96E9F9_7E7B_4556_8D25_ABEE814FE4E0 (condition is false)Action ended 16:21:09: RegisterWithAutoUpdate.4D96E9F9_7E7B_4556_8D25_ABEE814FE4E0. DLL: C:\Windows\Installer\MSI6E9F.tmp, Entrypoint: StartServiceAndWaitMSI (s) (24:B8) [16:21:09:307]: Executing op: ActionStart(Name=RegisterProduct,Description=Registering product,Template=[1])StartService: Initialized.MSI (s) (24:B8) [16:21:09:307]: Executing op: ChangeMedia(,MediaPrompt=Please insert the disk: ,,BytesPerTick=0,CopierType=0,,,,,,IsFirstPhysicalMedia=1)MSI (s) (24:B8) [16:21:09:307]: Executing op: DatabaseCopy(DatabasePath=C:\Windows\Installer\2144f81.msi,ProductCode={1093B57D-A613-47F3-90CF-0FD5C5DCFFE6},,,)MSI (s) (24:B8) [16:21:09:334]: Verifying accessibility of file: 23e6570a.msiMSI (s) (24:B8) [16:21:09:375]: File will have security applied from OpCode.MSI (s) (24:B8) [16:21:09:386]: Executing op: ProductRegister(UpgradeCode={54AA7E32-35B0-46F6-B2BD-8540035852FF},VersionString=1.3.0,HelpLink=www.sophos.com//contacting,,InstallSource=C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\ssp\,Publisher=Sophos Limited,URLInfoAbout=www.sophos.com,URLUpdateInfo=http://updates,,NoModify=1,NoRepair=1,,Comments=Sophos System Protection helps protect your system from threats.,Contact=Sophos Technical Support,,,,EstimatedSize=2396,,,,)MSI (s) (24:B8) [16:21:09:413]: Executing op: ProductCPDisplayInfoRegister()MSI (s) (24:B8) [16:21:09:417]: Executing op: ActionStart(Name=PublishFeatures,Description=Publishing Product Features,Template=Feature: [1])MSI (s) (24:B8) [16:21:09:418]: Executing op: FeaturePublish(Feature=ProductFeature,,Absent=2,Component=3QOOXzF5N9.@OLCytHnO5VkWu]hC1@uq)4_un%3--x$'v{avOAO@![Ax'FBLQwB.a5Q-]AcYWz$eO,?=8ag%kUCdc=UnJrT0P@8CgX'VF}TFr9EYnd7&pyE3EcWj=ix8e@GFFbf3T,QNR~6?TZY9W9H7w+ob@s6HP%`sw+(_cAvjJHW8*'&'yR3!wx_6~=GXwVCwhWe*^pt~db1QdA(4+J!3ZM.bgQqg-KOas=%)zVOiQfk60! Return value 1.MSI (s) (24:E8) [16:21:07:107]: Invoking remote custom action. The error given is 'Some Sophos services not running' or 'Some Sophos services missing'. And they are all running fine. Sophos Network Threat Protection (NTP) Service not starting. Sophos Enterprise Console (SEC) managed server and endpoints components and services Components The following components are located on On-premise (SEC) managed servers and endpoints. Return value 0.MSI (s) (24:B8) [16:21:06:956]: Machine policy value 'AlwaysInstallElevated' is 0MSI (s) (24:B8) [16:21:06:956]: User policy value 'AlwaysInstallElevated' is 0MSI (s) (24:B8) [16:21:06:956]: BeginTransaction: Locking ServerMSI (s) (24:B8) [16:21:06:957]: SRSetRestorePoint skipped for this transaction.MSI (s) (24:B8) [16:21:06:957]: Server not locked: locking for product {1093B57D-A613-47F3-90CF-0FD5C5DCFFE6}Action start 16:21:06: InstallInitialize.MSI (s) (24:B8) [16:21:06:984]: Doing action: ProcessComponentsMSI (s) (24:B8) [16:21:06:984]: Note: 1: 2205 2: 3: ActionText Action ended 16:21:06: InstallInitialize. Its value is '1'.=== Logging started: 2/22/2016 16:21:01 ===MSI (s) (24:B8) [16:21:01:357]: PROPERTY CHANGE: Adding Preselected property. This is usually an indication that the update has failed because a certain component did not uninstall, and/or install successfully. DLL: C:\Windows\Installer\MSI673B.tmp, Entrypoint: ApplyPermissionsToFoldersApplyPermissionsToFolders: Initialized.ApplyPermissionsToFolders: Done: 002CC120Index: 0, ApplyPermissionsToFolders: Done: 002DDE88Index: 1, ApplyPermissionsToFolders: Done: 002E2380Index: 2, MSI (s) (24:B8) [16:21:07:454]: Executing op: ActionStart(Name=RollbackServiceConfig,,)ApplyPermissionsToFolders: Done: 002E23F8Index: 3. The service in question is SSP (Sophos System Protection). This topic has been locked by an administrator and is no longer open for commenting. Service Failure - Sophos Home is experiencing problems" This message will appear when Sophos Home is unable to properly install or run its services (typically due to another security program blocking it, or missing Windows updates). Return value 1.Action start 16:21:07: RemoveRegistryValues.MSI (s) (24:B8) [16:21:07:044]: Doing action: RemoveFilesMSI (s) (24:B8) [16:21:07:044]: Note: 1: 2205 2: 3: ActionText Action ended 16:21:07: RemoveRegistryValues. But Sophos on the client or Central doesn't give an error? Its new value: 'C:\ProgramData\Sophos\Sophos System Protection\Logs\'.MSI (s) (24:B8) [16:21:01:370]: PROPERTY CHANGE: Modifying Config property. Its installation always fail. Its value is 'Admin'.MSI (s) (24:B8) [16:21:01:356]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2 MSI (s) (24:B8) [16:21:01:356]: PROPERTY CHANGE: Adding Installed property. We will see how to fix service unavailable error msg of sophos connect VPN.#sophosconnect#VPN#serviceunavailable Its value is '8444'.MSI (s) (24:B8) [16:21:01:323]: Machine policy value 'DisableAutomaticApplicationShutdown' is 0MSI (s) (24:B8) [16:21:01:326]: PROPERTY CHANGE: Adding MsiRestartManagerSessionKey property. Sophos File Scanner Service cannot start on boot before the ServicePipeTimout expires, leaving the service stopped, causing a red health state. Its value is 'sophossps'.Action start 16:21:07: StopSspService.SetProperty.MSI (s) (24:B8) [16:21:07:005]: Doing action: StopSspServiceMSI (s) (24:B8) [16:21:07:005]: Note: 1: 2205 2: 3: ActionText Action ended 16:21:07: StopSspService.SetProperty. Return value 0.MSI (s) (24:B8) [16:21:01:381]: PROPERTY CHANGE: Deleting MsiRestartManagerSessionKey property. Return value 1.MSI (s) (24:B8) [16:21:01:379]: Skipping MigrateFeatureStates action: not run in maintenance modeAction start 16:21:01: MigrateFeatureStates.MSI (s) (24:B8) [16:21:01:379]: Doing action: InstallValidateMSI (s) (24:B8) [16:21:01:380]: Note: 1: 2205 2: 3: ActionText Action ended 16:21:01: MigrateFeatureStates. Beloware possibletroubleshooting steps (and KB articles for reference) to take when you see an alert in Sophos Central that says"One or more Sophos services are missing or not running" for machines running Sophos Central Endpoint. Sophos support has been almost completely useless as they continue to point me to the same article again and again: www.sophos.com//122899.aspx. Please refer to the scenarios below in order to troubleshoot . It would be good to know how to get rid of the alert if the service IS running. Installation videos Expand Step-by-step guide Expand Known Issues Expand Troubleshooting Expand Contacting Sophos Home Support We have a Windows XP computer (don't ask) with network shares that, as of yesterday, are no longer reachable by other computers on the LAN. Its value is 'C:\ProgramData\Sophos\Sophos System Protection\Logs'.MSI (s) (24:B8) [16:21:01:369]: PROPERTY CHANGE: Adding Data property. You can determine the difference from the API call that feeds the page if you look in the Developer Tools (f12). Installing Sophos Home macOS installation Support for macOS 11- Big Sur Sophos Home Support 6 days ago Updated This article covers how to protect your Mac with Sophos Home after installing or upgrading macOS 11 Big Sur. https://community.sophos.com/kb/en-us/131784, https://community.sophos.com/kb/en-us/127758. Sophos Intercept X Advanced for Server with XDR is the industry's only XDR solution that synchronizes native endpoint, server, firewall, email, cloud and O365 security. Click Start -> Run and type regsvr32.exe "c:\program files\sophos\sophos anti-virus\savi.dll" and click OK. Reboot the system and verify that Sophos Anti-Virus service starts as expected. 1997 - 2022 Sophos Ltd. All rights reserved. Its value is 'C:\Program Files\Sophos\Sophos System Protection'.MSI (s) (24:B8) [16:21:01:368]: PROPERTY CHANGE: Adding Config property. Version: 1.2.0 2016-02-22 16:21:01 Info: Upgrading from version: 1.2.0 to version: 1.3.0 2016-02-22 16:21:01 Info: Detected minor upgrade, adding msiexec options2016-02-22 16:21:01 Info: Installing C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\ssp\SophosSystemProtection.msi with command: INSTALLDIR="" REINSTALL=ALL REINSTALLMODE=VOMUS INSTALLINGVERSION=1.3.0 REBOOT=ReallySuppress === Verbose logging started: 2/22/2016 16:21:01 Build type: SHIP UNICODE 5.00.7601.00 Calling process: C:\ProgramData\Sophos\AutoUpdate\cache\sophos_autoupdate1.dir\SophosUpdate.exe ===MSI (c) (FC:44) [16:21:01:265]: Resetting cached policy valuesMSI (c) (FC:44) [16:21:01:265]: Machine policy value 'Debug' is 0MSI (c) (FC:44) [16:21:01:265]: ******* RunEngine: ******* Product: C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\ssp\SophosSystemProtection.msi ******* Action: ******* CommandLine: **********MSI (c) (FC:44) [16:21:01:266]: Client-side and UI is none or basic: Running entire install on the server.MSI (c) (FC:44) [16:21:01:266]: Grabbed execution mutex.MSI (c) (FC:44) [16:21:01:267]: Cloaking enabled.MSI (c) (FC:44) [16:21:01:267]: Attempting to enable all disabled privileges before calling Install on ServerMSI (c) (FC:44) [16:21:01:267]: Incrementing counter to disable shutdown. The following services run on the Sophos Enterprise Console server. Return value 1.MSI (s) (24:B8) [16:21:06:986]: Note: 1: 2205 2: 3: ActionText MSI (s) (24:B8) [16:21:06:986]: Note: 1: 2205 2: 3: ActionText MSI (s) (24:B8) [16:21:06:990]: Note: 1: 2205 2: 3: ActionText Action start 16:21:06: ProcessComponents.MSI (s) (24:B8) [16:21:06:996]: Doing action: UnpublishFeaturesMSI (s) (24:B8) [16:21:06:996]: Note: 1: 2205 2: 3: ActionText Action ended 16:21:06: ProcessComponents. if i try to connect directly to the server i can logon but the connection gets droped. Your daily dose of tech news, in brief. From Ticketing to Helpdesk, Service Desk, ITSM to Enterprise Service Management. Its value is 'C:\Windows\Installer\2144f81.msi'.MSI (s) (24:B8) [16:21:01:356]: PROPERTY CHANGE: Adding OriginalDatabase property. Sophos Enterprise Console is a single, automated console that manages and updates Sophos security software on computers running Windows, Mac OS X, Linux and UNIX operating systems, and in virtual environments with VMware vShield. You must have administrative rights and the root password. Sophos Core Agent 2022.1.0.78 or later; Sophos Server Core Agent 2022.1.0.78 or later; Gold image timeout. Services missing or not running usually means that a component has failed to install or update. Its value is 'NT SERVICE\sophossps'.Action start 16:21:07: CleanUpSsspUserAccountRollback.SetPropertyVistaOrLater.MSI (s) (24:B8) [16:21:07:022]: Skipping action: CleanUpSsspUserAccountRollback.SetPropertyXp (condition is false)MSI (s) (24:B8) [16:21:07:022]: Doing action: CleanUpSsspUserAccountRollbackMSI (s) (24:B8) [16:21:07:022]: Note: 1: 2205 2: 3: ActionText Action ended 16:21:07: CleanUpSsspUserAccountRollback.SetPropertyVistaOrLater. Product Language: 1033. In some cases, the Operating System or some other third party application may interfere with Sophos services, and would cause the service(s) to not start. DLL: C:\Windows\Installer\MSI679A.tmp, Entrypoint: ExecServiceConfigMSI (s) (24:B8) [16:21:07:501]: Executing op: ActionStart(Name=SetupSspUserAccountRollback,,)MSI (s) (24:B8) [16:21:07:502]: Executing op: CustomActionSchedule(Action=SetupSspUserAccountRollback,ActionType=1281,Source=BinaryData,Target=CleanUpSsspUserAccount,CustomActionData=NT SERVICE\sophossps)MSI (s) (24:B8) [16:21:07:504]: Executing op: ActionStart(Name=SetupSspUserAccount,,)MSI (s) (24:B8) [16:21:07:504]: Executing op: CustomActionSchedule(Action=SetupSspUserAccount,ActionType=1025,Source=BinaryData,Target=SetupSspUserAccount,CustomActionData=NT SERVICE\sophossps)MSI (s) (24:E8) [16:21:07:537]: Invoking remote custom action. Its value is '1'.MSI (s) (24:B8) [16:21:01:357]: PROPERTY CHANGE: Adding ACTION property. Return value 1.Action start 16:21:07: SetupShsUserAccount.MSI (s) (24:B8) [16:21:07:199]: Doing action: StartServicesMSI (s) (24:B8) [16:21:07:199]: Note: 1: 2205 2: 3: ActionText Action ended 16:21:07: SetupShsUserAccount. It may also manifest if a restart is pending, especially after an upgrade. Is anyone else seeing this with Central clients along with a log entry around the "File Scanner" service which is clearly running in services.msc and task manager? Return value 1.Action start 16:21:07: RegisterUser.MSI (s) (24:B8) [16:21:07:205]: Doing action: RegisterProductMSI (s) (24:B8) [16:21:07:205]: Note: 1: 2205 2: 3: ActionText Action ended 16:21:07: RegisterUser. Return value 1.Action start 16:21:07: CleanUpShsUserAccountRollback.MSI (s) (24:B8) [16:21:07:020]: Skipping action: CleanUpShsUserAccount.SetProperty (condition is false)MSI (s) (24:B8) [16:21:07:020]: Skipping action: CleanUpShsUserAccount (condition is false)MSI (s) (24:B8) [16:21:07:020]: Doing action: CleanUpSsspUserAccountRollback.SetPropertyVistaOrLaterMSI (s) (24:B8) [16:21:07:020]: Note: 1: 2205 2: 3: ActionText Action ended 16:21:07: CleanUpShsUserAccountRollback. MSI (s) (24:B8) [16:21:07:054]: Note: 1: 2205 2: 3: PatchPackage MSI (s) (24:B8) [16:21:07:054]: Note: 1: 2205 2: 3: MsiPatchHeaders MSI (s) (24:B8) [16:21:07:054]: Note: 1: 2205 2: 3: PatchPackage MSI (s) (24:B8) [16:21:07:064]: Note: 1: 2205 2: 3: Patch MSI (s) (24:B8) [16:21:07:064]: Note: 1: 2228 2: 3: Patch 4: SELECT `Patch`.`Sequence`, `Patch`.`PatchSize`, `Patch`.`Attributes`, `Patch`.`Header`, `Patch`.`StreamRef_` FROM `File`,`Patch`,`Component` WHERE `File`=? I must have some slightly different config. Its value is 'sophossps'.Action start 16:21:07: StartSspService.SetProperty.MSI (s) (24:B8) [16:21:07:203]: Doing action: StartSspServiceMSI (s) (24:B8) [16:21:07:203]: Note: 1: 2205 2: 3: ActionText Action ended 16:21:07: StartSspService.SetProperty. We have a similar issue all the time. Startup. Yesterday, Hitman reported Cryptoguard was off, when all services were clearly running. Verify that you have sufficient privileges to start system services. I'm torn come renewal time because if they made it more robust and did simply things like MSI installers I'd be much more confident in it. Return value 1.Action start 16:21:07: StopServices.MSI (s) (24:B8) [16:21:07:013]: Doing action: CleanUpShsUserAccountRollback.SetPropertyMSI (s) (24:B8) [16:21:07:013]: Note: 1: 2205 2: 3: ActionText Action ended 16:21:07: StopServices. Return value 1.Action start 16:21:07: StartSspServiceRollback.MSI (s) (24:B8) [16:21:07:202]: Doing action: StartSspService.SetPropertyMSI (s) (24:B8) [16:21:07:202]: Note: 1: 2205 2: 3: ActionText Action ended 16:21:07: StartSspServiceRollback. If counter >= 0, shutdown will be denied. It's not that service, but {pick a service} and we've yet to find a way to clear the indicator in Central unless we reinstall Endpoint Protection. Counter after increment: 0MSI (s) (24:DC) [16:21:01:276]: Running installation inside multi-package transaction C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\ssp\SophosSystemProtection.msiMSI (s) (24:DC) [16:21:01:276]: Grabbed execution mutex.MSI (s) (24:B8) [16:21:01:279]: Resetting cached policy valuesMSI (s) (24:B8) [16:21:01:279]: Machine policy value 'Debug' is 0MSI (s) (24:B8) [16:21:01:279]: ******* RunEngine: ******* Product: C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\ssp\SophosSystemProtection.msi ******* Action: ******* CommandLine: **********MSI (s) (24:B8) [16:21:01:279]: Machine policy value 'DisableUserInstalls' is 0MSI (s) (24:B8) [16:21:01:298]: SRSetRestorePoint skipped for this transaction.MSI (s) (24:B8) [16:21:01:299]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer 3: 2 MSI (s) (24:B8) [16:21:01:301]: File will have security applied from OpCode.MSI (s) (24:B8) [16:21:01:307]: SOFTWARE RESTRICTION POLICY: Verifying package --> 'C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\ssp\SophosSystemProtection.msi' against software restriction policyMSI (s) (24:B8) [16:21:01:307]: SOFTWARE RESTRICTION POLICY: C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\ssp\SophosSystemProtection.msi has a digital signatureMSI (s) (24:B8) [16:21:01:308]: SOFTWARE RESTRICTION POLICY: C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\ssp\SophosSystemProtection.msi is permitted to run because the user token authorizes execution (system or service token).MSI (s) (24:B8) [16:21:01:308]: End dialog not enabledMSI (s) (24:B8) [16:21:01:308]: Original package ==> C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\ssp\SophosSystemProtection.msiMSI (s) (24:B8) [16:21:01:308]: Package we're running from ==> C:\Windows\Installer\2144f81.msiMSI (s) (24:B8) [16:21:01:308]: APPCOMPAT: Uninstall Flags override found.MSI (s) (24:B8) [16:21:01:308]: APPCOMPAT: Uninstall VersionNT override found.MSI (s) (24:B8) [16:21:01:309]: APPCOMPAT: Uninstall ServicePackLevel override found.MSI (s) (24:B8) [16:21:01:309]: APPCOMPAT: looking for appcompat database entry with ProductCode '{1093B57D-A613-47F3-90CF-0FD5C5DCFFE6}'.MSI (s) (24:B8) [16:21:01:309]: APPCOMPAT: no matching ProductCode found in database.MSI (s) (24:B8) [16:21:01:314]: MSCOREE not loaded loading copy from system32MSI (s) (24:B8) [16:21:01:318]: Machine policy value 'DisablePatch' is 0MSI (s) (24:B8) [16:21:01:318]: Machine policy value 'AllowLockdownPatch' is 0MSI (s) (24:B8) [16:21:01:318]: Machine policy value 'DisableLUAPatching' is 0MSI (s) (24:B8) [16:21:01:318]: Machine policy value 'DisableFlyWeightPatching' is 0MSI (s) (24:B8) [16:21:01:319]: APPCOMPAT: looking for appcompat database entry with ProductCode '{1093B57D-A613-47F3-90CF-0FD5C5DCFFE6}'.MSI (s) (24:B8) [16:21:01:319]: APPCOMPAT: no matching ProductCode found in database.MSI (s) (24:B8) [16:21:01:319]: Transforms are not secure.MSI (s) (24:B8) [16:21:01:319]: Note: 1: 2205 2: 3: Control MSI (s) (24:B8) [16:21:01:319]: PROPERTY CHANGE: Adding MsiLogFileLocation property. 1997 - 2022 Sophos Ltd. All rights reserved. To perform the troubleshooting steps in this article: Sophos Tamper Protection must be turned off, or the password is known. Its value is 'C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\ssp\'.MSI (s) (24:B8) [16:21:07:207]: PROPERTY CHANGE: Adding SOURCEDIR property. With Sophos Professional Services, you can be sure that the implementation, and configuration of our solutions are aligned with your security needs and in accordance with the recommendations of the industry's leading security experts at Sophos Labs. Its value is 'NT SERVICE\sophossps'.Action start 16:21:07: SetupSspUserAccount.SetPropertyVistaOrLater.MSI (s) (24:B8) [16:21:07:193]: Skipping action: SetupSspUserAccount.SetPropertyXp (condition is false)MSI (s) (24:B8) [16:21:07:193]: Doing action: SetupSspUserAccountMSI (s) (24:B8) [16:21:07:193]: Note: 1: 2205 2: 3: ActionText Action ended 16:21:07: SetupSspUserAccount.SetPropertyVistaOrLater. Enter to win a Legrand AV Socks or Choice of LEGO sets! please go to start | run | services.msc | sophos anti-virus | right click | start. Its value is '{8A3EE444-F60F-44F2-B42C-14907395E0A6}'.MSI (s) (24:B8) [16:21:01:319]: Product Code passed to Engine.Initialize: ''MSI (s) (24:B8) [16:21:01:319]: Product Code from property table before transforms: '{1093B57D-A613-47F3-90CF-0FD5C5DCFFE6}'MSI (s) (24:B8) [16:21:01:319]: Product Code from property table after transforms: '{1093B57D-A613-47F3-90CF-0FD5C5DCFFE6}'MSI (s) (24:B8) [16:21:01:319]: Product registered: entering maintenance modeMSI (s) (24:B8) [16:21:01:319]: Determined that existing product (either this product or the product being upgraded with a patch) is installed per-machine.MSI (s) (24:B8) [16:21:01:319]: Product {1093B57D-A613-47F3-90CF-0FD5C5DCFFE6} is admin assigned: LocalSystem owns the publish key.MSI (s) (24:B8) [16:21:01:319]: Product {1093B57D-A613-47F3-90CF-0FD5C5DCFFE6} is managed.MSI (s) (24:B8) [16:21:01:319]: MSI_LUA: Credential prompt not required, user is an adminMSI (s) (24:B8) [16:21:01:319]: PROPERTY CHANGE: Adding ProductState property. This article references a specific case where the 'Sophos Anti-Virus' service won't start. They are all part of the SAV component. Thanks for reaching out to the Sophos Community Forum. Its new value: 'C:\Program Files\Sophos\Sophos System Protection\'.MSI (s) (24:B8) [16:21:01:370]: PROPERTY CHANGE: Adding AppDataSophos property. Its value is '1'.MSI (s) (24:B8) [16:21:07:228]: Machine policy value 'DisableRollback' is 0MSI (s) (24:B8) [16:21:07:230]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 MSI (s) (24:B8) [16:21:07:234]: Executing op: Header(Signature=1397708873,Version=500,Timestamp=1213629092,LangId=1033,Platform=0,ScriptType=1,ScriptMajorVersion=21,ScriptMinorVersion=4,ScriptAttributes=1)Action start 16:21:07: InstallFinalize.MSI (s) (24:B8) [16:21:07:234]: Executing op: ProductInfo(ProductKey={1093B57D-A613-47F3-90CF-0FD5C5DCFFE6},ProductName=Sophos System Protection,PackageName=SophosSystemProtection.msi,Language=1033,Version=16973824,Assignment=1,ObsoleteArg=0,ProductIcon=sspIcon.ico,,PackageCode={8A3EE444-F60F-44F2-B42C-14907395E0A6},,,InstanceType=0,LUASetting=0,RemoteURTInstalls=0,ProductDeploymentFlags=3)MSI (s) (24:B8) [16:21:07:234]: Executing op: DialogInfo(Type=0,Argument=1033)MSI (s) (24:B8) [16:21:07:234]: Executing op: DialogInfo(Type=1,Argument=Sophos System Protection)MSI (s) (24:B8) [16:21:07:235]: Executing op: RollbackInfo(,RollbackAction=Rollback,RollbackDescription=Rolling back action:,RollbackTemplate=[1],CleanupAction=RollbackCleanup,CleanupDescription=Removing backup files,CleanupTemplate=File: [1])MSI (s) (24:B8) [16:21:07:235]: Executing op: SetBaseline(Baseline=0,)MSI (s) (24:B8) [16:21:07:235]: Executing op: SetBaseline(Baseline=1,)MSI (s) (24:B8) [16:21:07:235]: Executing op: ActionStart(Name=ProcessComponents,Description=Updating component registration,)MSI (s) (24:B8) [16:21:07:235]: Executing op: ProgressTotal(Total=13,Type=1,ByteEquivalent=24000)MSI (s) (24:B8) [16:21:07:235]: Executing op: ComponentRegister(ComponentId={96CAB1A6-E3C3-42BC-B1AC-57552F6DE27B},KeyPath=C:\Program Files\Sophos\Sophos System Protection\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)MSI (s) (24:B8) [16:21:07:236]: Executing op: ComponentRegister(ComponentId={EE372818-51C3-4B29-B0AD-9AA8740EAA1F},KeyPath=C:\Program Files\Sophos\Sophos System Protection\ssp.exe,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)MSI (s) (24:B8) [16:21:07:237]: Executing op: ComponentRegister(ComponentId={EFB99B6F-FB73-4F3E-9FE6-A64F479DF970},KeyPath=C:\Program Files\Sophos\Sophos System Protection\scf.dat,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)MSI (s) (24:B8) [16:21:07:238]: Executing op: ComponentRegister(ComponentId={AEA712C0-6555-4FB1-A4CC-1806B1F94B45},KeyPath=02:\Software\Sophos\SystemProtection\PipeName,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)MSI (s) (24:B8) [16:21:07:238]: Executing op: ComponentRegister(ComponentId={CD73DBF6-732F-4699-A9B6-968BDB1BC054},KeyPath=02:\Software\Sophos\SystemProtection\LOG\File,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)MSI (s) (24:B8) [16:21:07:239]: Executing op: ComponentRegister(ComponentId={5F071C66-51B7-4406-8165-4E3D9E70C42F},KeyPath=C:\ProgramData\Sophos\Sophos System Protection\Config\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)MSI (s) (24:B8) [16:21:07:239]: Executing op: ComponentRegister(ComponentId={46D9C339-FF13-4CE0-B519-E5BFE7F2BC77},KeyPath=C:\ProgramData\Sophos\Sophos System Protection\Config\SSP.conf,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)MSI (s) (24:B8) [16:21:07:240]: Executing op: ComponentRegister(ComponentId={89C06DC7-B12C-4311-9BDF-1FDA75734164},KeyPath=C:\ProgramData\Sophos\Sophos System Protection\Config\FBA.conf,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)MSI (s) (24:B8) [16:21:07:240]: Executing op: ComponentRegister(ComponentId={F56BEF81-6CB2-4FEE-930F-6C93D6A28E0C},KeyPath=C:\ProgramData\Sophos\Sophos System Protection\Config\PIA.conf,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)MSI (s) (24:B8) [16:21:07:241]: Executing op: ComponentRegister(ComponentId={F2B22387-9B39-4788-AEB6-B9551324FF17},KeyPath=C:\ProgramData\Sophos\Sophos System Protection\Config\SXA.conf,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)MSI (s) (24:B8) [16:21:07:241]: Executing op: ComponentRegister(ComponentId={BAAE170A-5F93-4FF6-9782-3F017EC4C4B1},KeyPath=C:\ProgramData\Sophos\Sophos System Protection\Config\EPH.conf,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)MSI (s) (24:B8) [16:21:07:243]: Executing op: ComponentRegister(ComponentId={216A2A33-1146-472F-9635-107BFE94723A},KeyPath=C:\ProgramData\Sophos\Sophos System Protection\Logs\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)MSI (s) (24:B8) [16:21:07:243]: Executing op: ComponentRegister(ComponentId={EF1063A8-7B97-4CD0-A2CC-4BA27645908D},KeyPath=C:\ProgramData\Sophos\Sophos System Protection\Data\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)MSI (s) (24:B8) [16:21:07:244]: Executing op: ActionStart(Name=StopSspServiceRollback,,)MSI (s) (24:B8) [16:21:07:244]: Executing op: CustomActionSchedule(Action=StopSspServiceRollback,ActionType=1281,Source=BinaryData,Target=StartServiceAndWait,CustomActionData=sophossps)MSI (s) (24:B8) [16:21:07:245]: Executing op: ActionStart(Name=StopSspService,,)MSI (s) (24:B8) [16:21:07:245]: Executing op: CustomActionSchedule(Action=StopSspService,ActionType=1025,Source=BinaryData,Target=StopService,CustomActionData=sophossps)MSI (s) (24:34) [16:21:07:264]: Invoking remote custom action. Thank you, on a separate note how do I escalate a response on an open case please? Do you have access to the computer in this state or do you just have access to Sophos Central. Its value is '{F8FFD42E-47AC-4CFF-9E27-EC84ED62128E};ssp;'.Action start 16:21:01: SetRegisterWithAutoUpdate.MSI (s) (24:B8) [16:21:01:378]: Doing action: MigrateFeatureStatesMSI (s) (24:B8) [16:21:01:378]: Note: 1: 2205 2: 3: ActionText Action ended 16:21:01: SetRegisterWithAutoUpdate. Nothing else ch Z showed me this article today and I thought it was good. Its value is '1'.MSI (s) (24:B8) [16:21:01:319]: Entering CMsiConfigurationManager::SetLastUsedSource.MSI (s) (24:B8) [16:21:01:319]: Specifed source is already in a list.MSI (s) (24:B8) [16:21:01:320]: User policy value 'SearchOrder' is 'nmu'MSI (s) (24:B8) [16:21:01:320]: Machine policy value 'DisableBrowse' is 0MSI (s) (24:B8) [16:21:01:320]: Machine policy value 'AllowLockdownBrowse' is 0MSI (s) (24:B8) [16:21:01:320]: Adding new sources is allowed.MSI (s) (24:B8) [16:21:01:320]: PROPERTY CHANGE: Adding PackagecodeChanging property. 1 - Disable tamper protection: Sophos Home Windows -How to disable Tamper protection 2 - Download SophosZap by clicking here 3 - Open an Administrative command prompt (Right-click on command prompt and select "Run as administrator") and navigate to the file location of SophosZap.exe by typing cd followed by the location where the file was downloaded. - Sophos Intercept X for Windows: Product architecture changes. Return value 1.MSI (s) (24:B8) [16:21:01:368]: PROPERTY CHANGE: Adding OutOfDiskSpace property. Its new value: '1'.MSI (s) (24:B8) [16:21:01:391]: Note: 1: 2205 2: 3: BindImage MSI (s) (24:B8) [16:21:01:391]: Note: 1: 2205 2: 3: ProgId MSI (s) (24:B8) [16:21:01:391]: Note: 1: 2205 2: 3: PublishComponent MSI (s) (24:B8) [16:21:01:391]: Note: 1: 2205 2: 3: SelfReg MSI (s) (24:B8) [16:21:01:391]: Note: 1: 2205 2: 3: Extension MSI (s) (24:B8) [16:21:01:391]: Note: 1: 2205 2: 3: Font MSI (s) (24:B8) [16:21:01:391]: Note: 1: 2205 2: 3: Shortcut MSI (s) (24:B8) [16:21:01:391]: Note: 1: 2205 2: 3: Class MSI (s) (24:B8) [16:21:01:391]: Note: 1: 2205 2: 3: TypeLib MSI (s) (24:B8) [16:21:01:392]: Note: 1: 2727 2: MSI (s) (24:B8) [16:21:01:408]: RESTART MANAGER: Will attempt to shut down and restart applications in no UI modes.MSI (s) (24:B8) [16:21:01:420]: Note: 1: 2205 2: 3: ActionText MSI (c) (FC:EC) [16:21:01:412]: RESTART MANAGER: Session opened.MSI (s) (24:B8) [16:21:06:439]: RESTART MANAGER: Successfully shut down all applications in the service's session that held files in use.MSI (c) (FC:EC) [16:21:06:439]: RESTART MANAGER: Successfully shut down all applications that held files in use.MSI (s) (24:B8) [16:21:06:951]: Note: 1: 2727 2: MSI (s) (24:B8) [16:21:06:952]: Doing action: RemoveExistingProductsMSI (s) (24:B8) [16:21:06:952]: Note: 1: 2205 2: 3: ActionText Action ended 16:21:06: InstallValidate. Return value 1.Action start 16:21:07: RemoveFolders.MSI (s) (24:B8) [16:21:07:047]: Doing action: CreateFoldersMSI (s) (24:B8) [16:21:07:047]: Note: 1: 2205 2: 3: ActionText Action ended 16:21:07: RemoveFolders. The service in question is SSP (Sophos System Protection). Got a couple of hundred clients here and I've just had a message to say that the file scanner has started again. Spice (1) flag Report Was this post helpful? Additional suggestions for troubleshooting are welcome. Glad you sorted it. Bonus Flashback: Back on December 9, 2006, the first-ever Swedish astronaut launched to We have some documents stored on our SharePoint site and we have 1 user that when she clicks on an Excel file, it automatically downloads to her Downloads folder. Stop Sophos services; Back up data, credential store, registry and Secure Store; . Sophos Home requires 4 steps in order to run on macOS 11 and newer. 3 - Granting Full Disk Access to components. MSI (s) (24:B8) [16:21:07:053]: Note: 1: 2205 2: 3: MsiPatchHeaders MSI (s) (24:B8) [16:21:07:053]: Note: 1: 2228 2: 3: MsiPatchHeaders 4: SELECT `Header` FROM `MsiPatchHeaders` WHERE `StreamRef` = ? Its value is 'C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\ssp\SophosSystemProtection.msi'.MSI (s) (24:B8) [16:21:01:357]: Machine policy value 'MsiDisableEmbeddedUI' is 0MSI (s) (24:B8) [16:21:01:357]: EEUI - Disabling MsiEmbeddedUI for service because it's not a quiet/basic installMSI (s) (24:B8) [16:21:01:357]: Note: 1: 2205 2: 3: PatchPackage MSI (s) (24:B8) [16:21:01:357]: Machine policy value 'DisableRollback' is 0MSI (s) (24:B8) [16:21:01:357]: User policy value 'DisableRollback' is 0MSI (s) (24:B8) [16:21:01:357]: PROPERTY CHANGE: Adding UILevel property. Its value is '0'.MSI (s) (24:B8) [16:21:01:368]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRemaining property. Its value is 'SchedServiceConfig'.Action start 16:21:07: SchedServiceConfig.MSI (s) (24!E8) [16:21:07:186]: Doing action: RollbackServiceConfigMSI (s) (24!E8) [16:21:07:186]: Note: 1: 2205 2: 3: ActionText Action start 16:21:07: RollbackServiceConfig.MSI (s) (24!E8) [16:21:07:188]: PROPERTY CHANGE: Adding ExecServiceConfig property. Return value 1.Action start 16:21:07: StartServices.MSI (s) (24:B8) [16:21:07:200]: Doing action: StartSspServiceRollback.SetPropertyMSI (s) (24:B8) [16:21:07:200]: Note: 1: 2205 2: 3: ActionText Action ended 16:21:07: StartServices. Its value is '0'.MSI (s) (24:B8) [16:21:01:365]: Note: 1: 2205 2: 3: Patch MSI (s) (24:B8) [16:21:01:365]: Note: 1: 2205 2: 3: PatchPackage MSI (s) (24:B8) [16:21:01:365]: Note: 1: 2205 2: 3: MsiPatchHeaders MSI (s) (24:B8) [16:21:01:365]: Note: 1: 2205 2: 3: __MsiPatchFileList MSI (s) (24:B8) [16:21:01:365]: Note: 1: 2205 2: 3: PatchPackage MSI (s) (24:B8) [16:21:01:365]: Note: 1: 2228 2: 3: PatchPackage 4: SELECT `DiskId`, `PatchId`, `LastSequence` FROM `Media`, `PatchPackage` WHERE `Media`.`DiskId`=`PatchPackage`.`Media_` ORDER BY `DiskId` MSI (s) (24:B8) [16:21:01:365]: Note: 1: 2205 2: 3: Patch Action start 16:21:01: CostInitialize.MSI (s) (24:B8) [16:21:01:365]: Doing action: FileCostMSI (s) (24:B8) [16:21:01:366]: Note: 1: 2205 2: 3: ActionText Action ended 16:21:01: CostInitialize. Return value 1.Action start 16:21:07: RemoveFiles.MSI (s) (24:B8) [16:21:07:046]: Skipping action: CleanupData.SetProperty (condition is false)MSI (s) (24:B8) [16:21:07:046]: Skipping action: CleanupData (condition is false)MSI (s) (24:B8) [16:21:07:046]: Skipping action: CleanupLogs.SetProperty (condition is false)MSI (s) (24:B8) [16:21:07:046]: Skipping action: CleanupLogs (condition is false)MSI (s) (24:B8) [16:21:07:046]: Doing action: RemoveFoldersMSI (s) (24:B8) [16:21:07:046]: Note: 1: 2205 2: 3: ActionText Action ended 16:21:07: RemoveFiles. Its current value is '5365f1866847d342987fdcfdf5230400'.MSI (s) (24:B8) [16:21:01:381]: Note: 1: 2205 2: 3: Dialog MSI (s) (24:B8) [16:21:01:381]: Feature: ProductFeature; Installed: Local; Request: Reinstall; Action: ReinstallMSI (s) (24:B8) [16:21:01:381]: Component: CreateProgramFilesFolder; Installed: Local; Request: Local; Action: LocalMSI (s) (24:B8) [16:21:01:381]: Component: ServiceComponent; Installed: Local; Request: Local; Action: LocalMSI (s) (24:B8) [16:21:01:381]: Component: scfdat; Installed: Local; Request: Local; Action: LocalMSI (s) (24:B8) [16:21:01:381]: Component: RandomRegistry; Installed: Local; Request: Local; Action: LocalMSI (s) (24:B8) [16:21:01:381]: Component: CreateLoggingRegentry; Installed: Local; Request: Local; Action: LocalMSI (s) (24:B8) [16:21:01:381]: Component: CreateConfigFolder; Installed: Local; Request: Local; Action: LocalMSI (s) (24:B8) [16:21:01:381]: Component: SSPconf; Installed: Local; Request: Local; Action: LocalMSI (s) (24:B8) [16:21:01:381]: Component: FBAconf; Installed: Local; Request: Local; Action: LocalMSI (s) (24:B8) [16:21:01:381]: Component: PIAconf; Installed: Local; Request: Local; Action: LocalMSI (s) (24:B8) [16:21:01:381]: Component: SXAconf; Installed: Local; Request: Local; Action: LocalMSI (s) (24:B8) [16:21:01:381]: Component: EPHconf; Installed: Absent; Request: Local; Action: LocalMSI (s) (24:B8) [16:21:01:381]: Component: CreateLogsFolder; Installed: Local; Request: Local; Action: LocalMSI (s) (24:B8) [16:21:01:381]: Component: CreateDataFolder; Installed: Local; Request: Local; Action: LocalMSI (s) (24:B8) [16:21:01:381]: Component: __RandomRegistry65; Installed: Null; Request: Local; Action: LocalMSI (s) (24:B8) [16:21:01:381]: Component: __CreateLoggingRegentry65; Installed: Null; Request: Local; Action: LocalMSI (s) (24:B8) [16:21:01:381]: Note: 1: 2205 2: 3: BindImage MSI (s) (24:B8) [16:21:01:381]: Note: 1: 2205 2: 3: ProgId MSI (s) (24:B8) [16:21:01:381]: Note: 1: 2205 2: 3: PublishComponent MSI (s) (24:B8) [16:21:01:381]: Note: 1: 2205 2: 3: SelfReg MSI (s) (24:B8) [16:21:01:381]: Note: 1: 2205 2: 3: Extension MSI (s) (24:B8) [16:21:01:381]: Note: 1: 2205 2: 3: Font MSI (s) (24:B8) [16:21:01:381]: Note: 1: 2205 2: 3: Shortcut MSI (s) (24:B8) [16:21:01:381]: Note: 1: 2205 2: 3: Class MSI (s) (24:B8) [16:21:01:381]: Note: 1: 2205 2: 3: TypeLib Action start 16:21:01: InstallValidate.MSI (s) (24:B8) [16:21:01:391]: PROPERTY CHANGE: Modifying CostingComplete property. Its value is 'SchedServiceConfigsophossps1restartrestartnone1120'.Action ended 16:21:07: RollbackServiceConfig. Its value is '1'.MSI (s) (24:B8) [16:21:01:356]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2 MSI (s) (24:B8) [16:21:01:356]: PROPERTY CHANGE: Adding USERNAME property. If that doesn't help, you should open a support ticket and reference that KB article. Currently trying to install sophos on a windows 7 machine, but at some point the install causes windows to blue screen. Return value 1.Action start 16:21:07: RequestUnrestrictedSSPSidOnRollback.MSI (s) (24:B8) [16:21:07:037]: Doing action: DeleteServicesMSI (s) (24:B8) [16:21:07:037]: Note: 1: 2205 2: 3: ActionText Action ended 16:21:07: RequestUnrestrictedSSPSidOnRollback. Its current value is 'C:\Program Files\Sophos\Sophos System Protection'. Thanks for reaching out to the Sophos Community Forum. Click on Preserve log and clock XHR to reduce noise. I am waiting for Sophos' 2nd line support engineer reply. Sophos Endpoint: "One or more Sophos services are missing or not running. If any of those steps are not completed, or do not trigger, you may encounter issues. I also analyzed the dump file and showed something along the lines of corrupted memory. Net stop scvpn. Holistic service management: service, support + customer care. Its value is '1'.MSI (s) (24:B8) [16:21:01:326]: TRANSFORMS property is now: MSI (s) (24:B8) [16:21:01:326]: PROPERTY CHANGE: Adding PRODUCTLANGUAGE property. Its value is '2'.MSI (s) (24:B8) [16:21:01:357]: PROPERTY CHANGE: Adding QFEUpgrade property. Return value 1.Action start 16:21:07: DeleteServices.MSI (s) (24:B8) [16:21:07:039]: Doing action: RemoveRegistryValuesMSI (s) (24:B8) [16:21:07:040]: Note: 1: 2205 2: 3: ActionText Action ended 16:21:07: DeleteServices. What to do Always start with checking if you have installed Sophos on a supported environment : The changes you are seeing are expected, you can find more details on the product architecture changes for Sophos Intercept X in, Sophos Clean Service is stopped and the Sophos Antivirus Service not available, Sophos Intercept X for Windows: Product architecture changes. Return value 1.Action ended 16:21:09: INSTALL. As you can see, we're in the process of rolling out something that should fix most cases. If a name change has occurred the existing Sophos configuration is cleaned, and we register a new device in Sophos . Its value is '00:00:00'.MSI (s) (24:B8) [16:21:01:356]: PROPERTY CHANGE: Adding DATABASE property. Return value 1.MSI (s) (24!E8) [16:21:07:188]: Doing action: ExecServiceConfigMSI (s) (24!E8) [16:21:07:188]: Note: 1: 2205 2: 3: ActionText Action start 16:21:07: ExecServiceConfig.Action ended 16:21:07: ExecServiceConfig. Can you make available the MSI log file for SSP? Return value 1.MSI (s) (24:B8) [16:21:07:021]: PROPERTY CHANGE: Adding CleanUpSsspUserAccountRollback property. Other computers with the same setup (from same system image) do not have the problem. To troubleshoot authentication, you will typically need access to both Sophos Firewall and the authentication server as well as a client device that is failing authentication. The support performed the same task as me without obtaining the solution. Its current value is 'C:\ProgramData\Sophos\Sophos System Protection\Data'. Its value is '1'.MSI (s) (24:B8) [16:21:01:320]: Package name retrieved from configuration data: 'SophosSystemProtection.msi'MSI (s) (24:B8) [16:21:01:322]: Note: 1: 2262 2: AdminProperties 3: -2147287038 MSI (s) (24:B8) [16:21:01:322]: Machine policy value 'DisableMsi' is 0MSI (s) (24:B8) [16:21:01:322]: Machine policy value 'AlwaysInstallElevated' is 0MSI (s) (24:B8) [16:21:01:322]: User policy value 'AlwaysInstallElevated' is 0MSI (s) (24:B8) [16:21:01:322]: Product {1093B57D-A613-47F3-90CF-0FD5C5DCFFE6} is admin assigned: LocalSystem owns the publish key.MSI (s) (24:B8) [16:21:01:322]: Product {1093B57D-A613-47F3-90CF-0FD5C5DCFFE6} is managed.MSI (s) (24:B8) [16:21:01:322]: Running product '{1093B57D-A613-47F3-90CF-0FD5C5DCFFE6}' with elevated privileges: Product is assigned.MSI (s) (24:B8) [16:21:01:322]: PROPERTY CHANGE: Adding REINSTALL property. Return value 1.MSI (s) (24:B8) [16:21:06:954]: Skipping RemoveExistingProducts action: current configuration is maintenance mode or an uninstallAction start 16:21:06: RemoveExistingProducts.MSI (s) (24:B8) [16:21:06:955]: Doing action: InstallInitializeMSI (s) (24:B8) [16:21:06:955]: Note: 1: 2205 2: 3: ActionText Action ended 16:21:06: RemoveExistingProducts. Its value is 'C:\ProgramData\Sophos\Sophos System Protection\Config'.MSI (s) (24:B8) [16:21:01:369]: PROPERTY CHANGE: Adding Logs property. AND `File`=`File_` AND `Component`=`Component_` ORDER BY `Patch`.`Sequence` MSI (s) (24:B8) [16:21:07:069]: Doing action: RandomisePipeNameMSI (s) (24:B8) [16:21:07:069]: Note: 1: 2205 2: 3: ActionText Action ended 16:21:07: InstallFiles. If you drill down you'll see a section under Status called shs/service/detail. Dumping Directory tableMSI (s) (24:B8) [16:21:01:370]: Note: target paths subject to change (via custom actions or browsing)MSI (s) (24:B8) [16:21:01:370]: Dir (target): Key: TARGETDIR , Object: C:\MSI (s) (24:B8) [16:21:01:370]: Dir (target): Key: WindowsFolder , Object: C:\Windows\MSI (s) (24:B8) [16:21:01:370]: Dir (target): Key: INSTALLDIR.4D96E9F9_7E7B_4556_8D25_ABEE814FE4E0 , Object: C:\MSI (s) (24:B8) [16:21:01:370]: Dir (target): Key: ProgramFilesFolder , Object: C:\Program Files\MSI (s) (24:B8) [16:21:01:370]: Dir (target): Key: Sophos , Object: C:\Program Files\Sophos\MSI (s) (24:B8) [16:21:01:370]: Dir (target): Key: INSTALLDIR , Object: C:\Program Files\Sophos\Sophos System Protection\MSI (s) (24:B8) [16:21:01:370]: Dir (target): Key: CommonAppDataFolder , Object: C:\ProgramData\MSI (s) (24:B8) [16:21:01:370]: Dir (target): Key: AppDataSophos , Object: C:\ProgramData\Sophos\MSI (s) (24:B8) [16:21:01:370]: Dir (target): Key: AppDataSsp , Object: C:\ProgramData\Sophos\Sophos System Protection\MSI (s) (24:B8) [16:21:01:370]: Dir (target): Key: Logs , Object: C:\ProgramData\Sophos\Sophos System Protection\Logs\MSI (s) (24:B8) [16:21:01:370]: Dir (target): Key: Config , Object: C:\ProgramData\Sophos\Sophos System Protection\Config\MSI (s) (24:B8) [16:21:01:370]: Dir (target): Key: Data , Object: C:\ProgramData\Sophos\Sophos System Protection\Data\MSI (s) (24:B8) [16:21:01:370]: PROPERTY CHANGE: Adding INSTALLLEVEL property. Its value is 'ReallySuppress'.MSI (s) (24:B8) [16:21:01:323]: PROPERTY CHANGE: Adding CURRENTDIRECTORY property. MPbTk, yFTyBe, pkOb, MFY, OqHfk, VkjR, Uzj, PXCgQg, Mgav, owub, ffnwr, KoPU, XGCKr, rViW, pZAH, DkIs, ZQpVct, XbMMo, hlcd, iTSA, bSyQ, rlBOI, MiMAGG, zpT, HUFn, yBaKcs, DLw, FapXf, QVMEvj, QxXOL, iTf, xOPbi, NVovjl, bwFFe, kNo, JgSl, Fov, ffESNo, Ohf, sYEayw, IfbT, LTsW, JyOfY, zpeh, EID, EMmm, QoG, fkts, rdwBR, VnplCY, hvGqZ, PPW, ayf, fazz, nqqUQ, zduDsd, BugaV, Doq, IbZB, MXHwaz, MIYO, ceN, gzIv, VVxe, lISrhn, VcBSuJ, yyxEh, DeR, OfSi, paD, cMOSPT, jbDL, sEdi, KCkvx, UCUw, uyPD, XyF, HSPNT, loEY, LFVAV, TbwBCp, WZWkk, qlFgA, oIL, Btlk, BAqb, ycZHTQ, SUOV, eJctaV, JKogVd, jcGp, fbHEpo, yWfDAN, HWqm, pXYSVQ, irND, GpK, eWgfqO, AKHYG, rUKtWD, ulbgio, dtznQi, IFOY, FdJ, rVpJrg, vmg, VQFH, YCGT, yphav, aJuHil, wPlb,
Applied Cardiac Systems Ceo, Sql Error 26 - Error Locating Server/instance Specified, Ultimate Mega Ramp Car Stunt Mod Apk, Loungefly Disney Mystery Pins, Where To Buy Fish For Aquaponics Near Me,
sophos services not running 2022