Skip to content
Advisory: Sophos Central Windows Endpoints/Servers
January 16, 2023

Advisory: Sophos Central Windows Endpoints/Servers

Sophos Central Windows Endpoints/Servers: Installation failure due to components SME64/EFW64

Issue

The Sophos installation fails and references the following two components:
  • SME64
  • EFW64
When running interactively, the following warning will be displayed:

interctive.png

If running the installation as part of a task sequence, such as SCCM, the task sequence execution engine will report a failure to install.

Product and Environment

  • Sophos Central Windows Endpoint Core Agent 2022.4.0.4
  • Sophos Central Windows Server Core Agent 2022.4.0.6

Cause

The issue is caused when there is a requirement to download the following DigiCert Trusted Root G4 certificate to the Certificate Store on the device. If there is a delay in obtaining the certificate, the installation of these components will fail.

certificate.png

Resolution

While the initial install will fail, providing the above root certificate subsequently is obtained, the two failing components will attempt to automatically re-install.

To prevent the install failures from occurring (such as in a task sequence for SCCM), the certificate can be installed as part of the sequence, prior to installing Sophos. An example method to do this would be to use the CertUtil utility, e.g.:

From the command prompt run the following three commands:

mkdir C:\tempcerts
CertUtil -syncWithWU C:\tempcerts
certutil -addstore root C:\tempcerts\ddfb16cd4931c973a2037d3fc83a4d7d775d05e4.crt

Or the certificate can be downloaded and distributed to devices from https://www.digicert.com/kb/digicert-root-certificates.htm .

To determine if the certificate is present in the store, the following PowerShell/Terminal command can be used:

Get-ChildItem -path cert:\localmachine\root\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4

Note: Customers who have turned off Automatic Root Certificate Updating and do not have an alternate method to distribute certificates can also trigger this issue.


This can be confirmed either in Group Policy by running through the following steps:

  1. Click Start > Run (or Windows key + R).
  2. Enter gpedit.msc and then click OK.
  3. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  4. Go to Administrative Templates > System > Internet Communication Management > Internet Communication settings.
  5. Check what is set in Turn off Automatic Root Certificates Update.
If there are no GPO/local settings, then verify if the following registry value is configured as below:

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Policies\Microsoft\SystemCertificates\AuthRoot
Value Name=DisableRootAutoUpdate Type=REG_DWORD Value Data=00000001

To allow the installation, you will need to set DisableRootAutoUpdate to 0 or manually install them to the device.

In addition, if you have Group Policies that only allow certificates registered in Active Directory to be authenticated, this could also affect the installation.

Previous article Advisory: Failed to Protect computer or server alerts in Sophos Central
Next article Sophos Central Manager Scheduled Upgrades

More Sophos News Posts

See more

Featured collection

  • Sophos XGS 107 / 107 Wireless By Sophos - Buy Now - AU $782.76 At The Tech Geeks Australia
    Sophos XGS 107 / 107 Wireless By Sophos - Buy Now - AU $782.76 At The Tech Geeks Australia
    Sale Sale

    Sophos XGS 107 / 107 Wireless

    $782.76 - $1,192.00
    $782.76 - $1,192.00
    $1,172.00
    $782.76 - $1,132.00
    $782.76 - $1,132.00
    $782.76

    The Sophos XGS 107 Firewall Appliance is built upon a dual-processor architecture, combining a high-performance, multi-core CPU with a dedicated Xs...

    View full details
    $782.76 - $1,192.00
    $782.76 - $1,192.00
    $1,172.00
    $782.76 - $1,132.00
    $782.76 - $1,132.00
    $782.76
    Sale Sale
  • Sophos XGS 116 / 116 Wireless By Sophos - Buy Now - AU $997.55 At The Tech Geeks Australia
    Sophos XGS 116 / 116 Wireless By Sophos - Buy Now - AU $997.55 At The Tech Geeks Australia
    Sale Sale

    Sophos XGS 116 / 116 Wireless

    $997.55 - $1,887.00
    $997.55 - $1,887.00
    $1,886.00
    $997.55 - $1,792.00
    $997.55 - $1,792.00
    $997.55

    The Sophos XGS 116 Firewall Appliance is built upon a dual-processor architecture, combining a high-performance, multi-core CPU with a dedicated Xs...

    View full details
    $997.55 - $1,887.00
    $997.55 - $1,887.00
    $1,886.00
    $997.55 - $1,792.00
    $997.55 - $1,792.00
    $997.55
    Sale Sale
  • Sophos XGS 87 / 87 Wireless By Sophos - Buy Now - AU $596 At The Tech Geeks Australia
    Sophos XGS 87 / 87 Wireless By Sophos - Buy Now - AU $596 At The Tech Geeks Australia
    Sale Sale

    Sophos XGS 87 / 87 Wireless

    $596.00 - $990.00
    $596.00 - $990.00
    $983.69
    $596.00 - $940.00
    $596.00 - $940.00
    $596.00

    The Sophos XGS 87 Firewall Appliance is built upon a dual-processor architecture, combining a high-performance, multi-core CPU with a dedicated Xst...

    View full details
    $596.00 - $990.00
    $596.00 - $990.00
    $983.69
    $596.00 - $940.00
    $596.00 - $940.00
    $596.00
    Sale Sale
  • Sophos XGS 126 / 126 Wireless By Sophos - Buy Now - AU $1356.15 At The Tech Geeks Australia
    Sophos XGS 126 / 126 Wireless By Sophos - Buy Now - AU $1356.15 At The Tech Geeks Australia
    Sale Sale

    Sophos XGS 126 / 126 Wireless

    $1,356.15 - $2,487.00
    $1,356.15 - $2,487.00
    $2,484.00
    $1,356.15 - $2,362.00
    $1,356.15 - $2,362.00
    $1,356.15

    The Sophos XGS 126 Firewall Appliance is built upon a dual-processor architecture, combining a high-performance, multi-core CPU with a dedicated Xs...

    View full details
    $1,356.15 - $2,487.00
    $1,356.15 - $2,487.00
    $2,484.00
    $1,356.15 - $2,362.00
    $1,356.15 - $2,362.00
    $1,356.15
    Sale Sale
  • Sophos XGS 136 / 136 Wireless By Sophos - Buy Now - AU $1714.74 At The Tech Geeks Australia
    Sophos XGS 136 / 136 Wireless By Sophos - Buy Now - AU $1714.74 At The Tech Geeks Australia
    Sale Sale

    Sophos XGS 136 / 136 Wireless

    $1,714.74 - $3,914.00
    $1,714.74 - $3,914.00
    $3,913.00
    $1,714.74 - $3,718.00
    $1,714.74 - $3,718.00
    $1,714.74

    The Sophos XGS 136 Firewall Appliance is built upon a dual-processor architecture, combining a high-performance, multi-core CPU with a dedicated Xs...

    View full details
    $1,714.74 - $3,914.00
    $1,714.74 - $3,914.00
    $3,913.00
    $1,714.74 - $3,718.00
    $1,714.74 - $3,718.00
    $1,714.74
    Sale Sale
Shop collection