The customer noticed that their domain controllers were getting over 300,000 authentication events from their ITMS application credentials per hour. (over 9 million in 24 hours). He have it traced back to a certs/SSL/HTTPS call on his Site Servers and SMP server.
The Symantec Management Agent (aka Altiris Agent) logs showed a constant entries referring to pages like:
A change was done from the default settings under the "Default Website>Altiris>ClientTaskServ