How to deploy Endpoint MSI with Altiris.


Article ID: 160814


Updated On:


Data Loss Prevention Endpoint Prevent


When trying to attempt to install the Endpoint MSI via Altiris 7 it fails.

Perform a manual installation with additional logging as outlined in KB TECH220055
Run the installation via the command line so that installation details can be recorded for further analysis.

  1. Open a command shell window.
  2. Change the current working directory to where the Endpoint agent installer file, AgentInstall.msi, is located.
    1. C:\> cd installer_directory
  3. Launch the Endpoint agent installer with logging enabled.
    1. C:\installer_directory\> msiexec /I AgentInstall.msi /L*v my_install_log.txt
  4. Complete the Endpoint agent installation using the InstallShield Wizard.

The following error message in the MSI log occurs:

MSI (s) (E4:40) [08:15:59:389]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI5987.tmp, Entrypoint: InstallDriverPackages
DIFXAPP: ENTER: InstallDriverPackages()
DIFXAPP: 'CustomActionData' property 'DIFxApp Version' is 2.1.
DIFXAPP: 'CustomActionData' property 'UI Level' is 2.
DIFXAPP: 'CustomActionData' property 'componentId' is {03C8264B-B361-435E-A6B5-C565F24D4A6E}.
DIFXAPP: 'CustomActionData' property 'componentPath' is C:\Program Files\Symantec\Endpoint Agent\vfsmfd\.
DIFXAPP: 'CustomActionData' property 'flags' is 0x1F.
DIFXAPP: 'CustomActionData' property 'installState' is 2.
DIFXAPP: 'CustomActionData' property 'ProductName' is AgentInstall.
DIFXAPP: 'CustomActionData' property 'ManufacturerName' is Symantec Corp..
DIFXAPP: INFO: opening HKEY_USERS 'S-1-5-18\Software\Microsoft\Windows\CurrentVersion\DIFxApp\Components\{03C8264B-B361-435E-A6B5-C565F24D4A6E}' (User's SID: 'S-1-5-18') ...
DIFXAPP: ERROR 0x2 encountered while opening install-info subkey for component '{03C8264B-B361-435E-A6B5-C565F24D4A6E}'
DIFXAPP: InstallDriverPackages failed with error 0x2
DIFXAPP: RETURN: InstallDriverPackages() 2 (0x2)
CustomAction MsiInstallDrivers returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)


Data Loss Prevention Endpoint Prevent version 11.x and 12.x


Please note that Endpoint deployment has only been certified with Symantec Management Platform (SMP) / Altiris by using the Integrated Component (IC). And with SMS by using the MSI package. We highly recommend the use of the IC with Symantec SMP.


Error interpretation

Error 02 almost always means 'File not found'. There may also be issues with access to the TEMP folder (or other folders) when the install is run under the System Account.
Make sure that the System Account has access to the files and folders.
DIFXAPP also relies on the existence of a user profile, which SYSTEM may not have loaded. Due to a bug in the DIFXAPP framework, if the user account under which the MSI is invoked has its profile loaded, then all works fine. If not, it’ll error out with the observed error.
A side effect would also be that impersonation doesn't load a user profile by default.


  • Either log into the computer and run it locally as a user account.
  • Find some way to forcibly load the user profile into the registry before the installation starts.
      e.g. by pushing down a bootstrapper to the remote device which launches the MSI on your behalf.

Alternatively, try the solution we had within the Tivoli deployment environment.
That environment had the same problem and DIFXAPP errors.
The solution was to use an MST file for deployment.
This link has the steps to create an MST file (KB TECH219201).

Can I deploy the Endpoint Agent using Active Directory Group Policy Objects (GPO)?

Please keep in mind that the deployment mechanism for MST files may be different under Altiris than under GPO.
The other approach to test would be to use an admin account to set up the MSI rather than the system account.