Sophos Cloud installer log files

  • Article ID: 119621
  • Updated: 26 Sep 2014

This article provides information about the log files created by the Sophos Cloud installer.

Applies to the following Sophos product(s) and version(s)

Sophos Cloud

  • Windows

    Running 'SophosInstall.exe' creates the following logs in the user's temporary directory, this is typically referred to as %temp%, e.g.:

    • XP/2003: 'C:\documents and settings\[usernmae]\local settings\temp\'
    • Vista+: 'C:\users\[username]\AppData\Local\Temp\'

      : To confirm you temp location, in a command prompt run the command: set and find the variable called 'TEMP'.

      Note: If the SophosInstall.exe is being run as a system, for example as deployed with a start-up script, then the logs will be in '%windir%\temp\'.

    The logs are as follows:

    • Sophos Extract Log_[TimeStamp].txt - The log file of 'SophosInstall.exe'.  It details the unpacking of the downloaded package.
    • Sophos Endpoint Bootstrap_[TimeStamp].txt - The log for setup.exe ('%temp%\sophos_bootstrap\setup.exe'), which co-ordinates the first time installation of the various components.  
      Note: See article: 120449 for details on return codes.
    • avremove.log - The Log of the third-party security detection and removal tool (extracted to %temp%\crt\) as created by 'avremoveew.exe'.  This tool is run if the user selects the option when running SophosInstall.exe (this is the default).  For more information on the CRT, see article 119619.
    • Sophos AutoUpdate Install Log.txt - The MSI log detailing the installation of Sophos AutoUpdate - The component that keeps the software up to date.
    • Sophos MCS Install Log.txt -  The MSI log detailing the installation of Sophos Management Communication System (MCS).  MCS is the component that provides communication to Sophos Cloud for policies, sending alerts and event information.
  • ​Mac

    After the download of '' and the subsequent launching of 'Sophos', logging will take place to the following location:

    • System log, with a 'Sender' name of 'Sophos Installer'.
      Tip: To launch 'Console' to view messages: Open 'Finder', select 'Applications', expand 'Utilities' and launch 'Console', you can then search for 'Sophos Installer' to filter the view.

If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent