This article provides information about the log files created by the Sophos Cloud installer.
Applies to the following Sophos product(s) and version(s)
Running 'SophosInstall.exe' creates the following logs in the user's temporary directory, this is typically referred to as %temp%, e.g.:
- XP/2003: 'C:\documents and settings\[usernmae]\local settings\temp\'
- Vista+: 'C:\users\[username]\AppData\Local\Temp\'
Tip: To confirm you temp location, in a command prompt run the command:
set and find the variable called 'TEMP'.
Note: If the SophosInstall.exe is being run as a system, for example as deployed with a start-up script, then the logs will be in '%windir%\temp\'.
The logs are as follows:
- Sophos Extract Log_[TimeStamp].txt - The log file of 'SophosInstall.exe'. It details the unpacking of the downloaded package.
- Sophos Endpoint Bootstrap_[TimeStamp].txt - The log for setup.exe ('%temp%\sophos_bootstrap\setup.exe'), which co-ordinates the first time installation of the various components.
- avremove.log - The Log of the third-party security detection and removal tool (extracted to %temp%\crt\) as created by 'avremoveew.exe'. This tool is run if the user selects the option when running SophosInstall.exe (this is the default).
- Sophos AutoUpdate Install Log.txt - The MSI log detailing the installation of Sophos AutoUpdate - The component that keeps the software up to date.
- Sophos MCS Install Log.txt - The MSI log detailing the installation of Sophos Management Communication System (MCS). MCS is the component that provides communication to Sophos Cloud for policies, sending alerts and event information.
After the download of 'SophosInstall.zip' and the subsequent launching of 'Sophos Installer.app', logging will take place to the following location:
- System log, with a 'Sender' name of 'Sophos Installer'.
Tip: To launch 'Console' to view messages: Open 'Finder', select 'Applications', expand 'Utilities' and launch 'Console', you can then search for 'Sophos Installer' to filter the view.