We run CSA v4.5.1 on all our servers and desktops. We also run Sophos Anti-virus agent. Recently we upgraded to the latest version of Sophos (7.0.4) but noticed that it wasn't installing correctly. Further investigation confirmed that CSA was preventing Sophos from accessing a registry key called appinit_dlls. Sophos technical support confirmed this was necessary for the application to install correctly.
The CSA logs report nothing (even with the Log Deny overrride option), so we can't step through a wizard as we normally do when CSA prevents a legitimate application from behaving correctly. Also, putting the agent group into test mode has no effect either. What does work is manually disabling the CSA service while in Windows Safe Mode, restarting the PC, applying the Sophos application update, and then turning the CSA service back on again. Sophos is then able to carry out its ide file updates ok. Its just the initial update of the actual application that it runs into trouble with.
I have nearly 700 PC's I would have to apply this workaround to, so I'd appreciate if anyone had come across a more easily applied fix than this one.