After installing the Local Security Agent on a managed system, the Altiris Agent appears to keep getting killed shortly after starting up. Uninstalling the Local Security Agent appears to resolve the issue.
The following warning is found in the agent logs each time the agent dies. Priority: 2 Date: 5/18/2009 2:33:11 PM Tick Count: 1587369984 Host Name: AGENT1 Process: AeXNSAgent.exe (4300) Thread ID: 984 Module: AeXNSAgent.exe Source: Altiris Agent Description: Unexpected exit C0000005
Which for the same thread is always just preceded by either the following information/trace log examples below.
Priority: 8 Date: 5/18/2009 2:33:09 PM Tick Count: 1587368299 Host Name: AGENT1 Process: AeXNSAgent.exe (4300) Thread ID: 984 Module: AltirisLSSAgent.dll Source: CCOMApplicationEvent::BuildCOMApplicationPolicyInventory Description: Generating the list of COM+ Applications.
Either during the inventory or resource discovery of COM applications a security exception is hit that causes the Altiris agent to stop.
Either the Inventory process fails because the COM applications are not available or the discovery process trys to collect additional information for the COMs (from the list of COM GUIDs collected by the inventory process), but hits an unexpected security restriction. Either of these exeptions cause the Altiris Service to get restarted.
Symantec is aware of this issue and is taking steps to resolve the issue. Please subscribe to this KB to be notified as new information or a fix for this issue is available.
At present the only work around to this issue is to disable the COM and DCOM inventory and discovery processes. This will remove the ability to collect security data on all COM and DCOM component/applications which is used with the Altiris Task Server to be able to reconfigure these security settings from the Altiris server. The ability to collect and configure Local Security users and groups is not compromised by disabling the COM and DCOM discovery agents.
To disable the COM and DCOM discovery agents and remove any pending discovery of these GUIDs, please follow the following steps.
Goto - Configuration > Solution Settings > Security Management > Local Security -> Windows > Local Security Agent Configuration