STEP 1
1. Apply emergency recovery option.
2. Registry
i. Uninstall string
ii. Search for Lockdown
iii. Copy MSI.exe
iv. Paste to cmd
3. Restart server
4. Waiting for Sophos Update
STEP 2
1. Identified that the 'C:\Windows\System32\drivers\
2. Renamed this file to 'SLD.sys.old'
3. Forced an update of Sophos via the UI
4. Server Lockdown installed successfully
I believe that this may have been caused by the following :
- Secure boot was initially enabled on the servers when the install of Sophos Server Lockdown was first attempted
- Server Lockdown failed to install and didn't rollback completely (leaving the SLD.sys file in C:\Windows\system32\drivers)
- Secure boot disabled
- Due to the presence of the SLD.sys file from the first failed install, the Lockdown installer thought the feature was already installed so tried to upgrade it
- The upgrade continued to fail as the required services etc. were missing due to the initial install failure
- Renaming the SLD.sys file allowed a fresh install to be attempted
- As secure boot was disabled, the install completed without issue
The servers are currently creating the whitelist file (which can take anywhere up to a few hours to complete).
For reference, the article I mentioned in regards to Secure Boot is included below:
------------------------------
Article ID: 120861
Title: UEFI and Secure Boot compatible PCs/Operating Systems prevents Data Control from working
URL: https://sophos.com/kb/
------------------------------
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article