Error 0x0000004a when protecting an endpoint computer

  • Article ID: 59644
  • Updated: 02 Apr 2015


After protecting an endpoint computer from the console the following is shown in the 'Install errors' column on the 'Alert and Error Details' tab of the console:

Third-party security software was detected. [0x0000004a]

In the computer details windows, the following is shown:

0000004a Detected third-party security software. To remove it, run the Protect Computers Wizard again and select the removal option. If you have already done so, contact Sophos Technical Support for additional assistance.

When you run setup.exe manually on the endpoint computer you see:

Detected third-party security software. To remove it, run this installer again and select the removal option. If you have already done so, contact Sophos Technical Support for additional assistance.
If you do not click 'OK', this message box will close automatically after 60 seconds.

At the bottom of the AVRemove.log either of the following is shown:

  • [DATE] [TIME] Failure: There were products detected, but some cannot be removed by this version of the tool
    There was a problem running the Competitor Removal tool
    There were products detected, but some cannot be removed by this version of the tool

  • [DATE] [TIME] Info: Detection of third-party security and update products complete
    [DATE] [TIME] Info: Detected Products:
    [DATE] [TIME] Info: [the product that was detected]
    [DATE] [TIME] Info: AVRemove finished. 1 products found. Report logged to : C:\...\avremove.log

First seen in
Sophos Enterprise Manager 4.7.0
Sophos Control Center 4.0.0
Enterprise Console 4.5.0


You have protected a computer that already has another vendor's security software installed and either:

  • You did not select the 'Third-Party Security Software Detection' option when running the Protect Computer Wizard.
  • The Sophos Competitor Removal Tool (CRT) can detected the existing third-party software but does not include functionality to remove it automatically.
  • The CRT.cfg file has been set to detect only.

What To Do

If you did not select the 'Third-Party Security Software Detection' option during the Protect Computer Wizard you should re-run the wizard and make sure it is selected.

If the option was selected: Confirm what third-party software is already installed, including exact version number, and check article 112662 to confirm the CRT should detect and remove the version of software and then see the appropriate section below.

Installed third-party software is not listed

If article 112662 does not mention the version of third-party security software currently installed, or the article shows that the CRT only detects the security software you can either:

  1. Manually uninstall the endpoint software (small number of computers).  If a large number of computers are affected you may want to develop your own script to remove the third-party software prior to installing our software (Sophos Technical Support cannot support you with this procedure).
  2. Request the CRT be updated to include both detection and removal functionality.  The procedure for requesting an update to the CRT is provided in article 117835.
  3. Contact your Sales Account Manager and discuss a bespoke solution. See article 117835 for details. 

Installed third-party software is listed

If article 112662 mentions the third-party security software and therefore the CRT should both detect and remove it automatically you should confirm (from the version of CRT available in the distribution folder on your network) that the third-party software installed is also listed there.  See article 117835 for how to output a full list third-party versions.  

If there is a mismatch between information in article 112662  and the list output directly from the CRT your version of the CRT could be out of date.  You should update the distribution point to ensure you have the latest version of the CRT.  This may involve changing your current subscription in your Sophos Update Manager (SUM) to download a later endpoint protection product version.

Has the CRT.cfg file been modified?

Having worked through the above information, if error 0000004a still occurs and the following is true:

  1. The option to detect third-party software is selected during the wizard/running Setup.exe.
  2. Article 112662 shows that the CRT should detect and remove the software.
  3. The latest version of the CRT is being used.

...then check if the CRT.cfg configuration file has been altered.  Locate the CRT.cfg file (in the 'crt' folder of the share being used for the failed installation (you may have more than one subscription) and compare the values set to the default values.  If you cannot locate the CRT.cfg file in the crt folder extract the file from the file.  See article 117835 for more information on the CRT.cfg file, and default configuration.

If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent