Unable to reinstall Altiris Agent. Error message: Failed to run action: InstallCoreAgentDll

Article ID: 265447

Products

IT Management Suite

Issue/Introduction

You are trying to reinstall the Symantec Management Agent (Altiris Agent) on one of your client machines.

While the Symantec Management Agent is being installed, you get the following error:

"Install failed. Error message: Failed to run action: InstallCoreAgentDll"

According to AEXNSC.log (on the affected client machine, under c:\programdata\symantec\symantec agent\installlogs):

2023-04-29 01:03:22 P:2672   T:6596   *ERRR CoreUtil: GetInstallPath could not get the install path from InstallDir - error: 0x2
......

2023-04-29 01:03:24 P:2672   T:6596   *ERRR Installer: Action RegisterComDll: error 0x00000003 returned from executing the command line: regsvr32 /s "C:\Program Files\Altiris\Altiris Agent\x86\AeXAgentUI.dll"
2023-04-29 01:03:24 P:2672   T:6596   *ERRR CoreUtil: Install failed. Error message: Failed to run action: InstallCoreAgentDll
2023-04-29 01:03:24 P:2672   T:6596    INFO Installer: Core Agent Installation Ended

Environment

ITMS 8.6, 8.7.x

Cause

In this particular instance, CrowdStrike is causing this issue. It is blocking regsvr32 from installing our DLLs.

Here is what was found after reviewing a ProcMon trace taken while manually running regsvr32 /s "C:\Program Files\Altiris\Altiris Agent\x86\AeXAgentUI.dll" from a command prompt as Administrator on the affected client machine:

  • CrowdStrike is seen interfering with the DLL loading process when REGSVR32 is trying to load our AEXAGENTUI.DLL.
  • ITMS code never had a chance to execute: not a single instruction from AEXAGENTUI.DLL was executed, and everything failed during the DLL loading phase.
  • Here is the CrowdStrike DLL injected into REGSVR32.EXE intercepting the system LoadLibrary call; this is when regsvr32 loads our DLL.

Then, the same DLL is calling into some CrowdStrike driver right before the DLL loading fails with error 3:

And now the company name that created those DLLs is seen:

It isn't known what the impact is on the ITMS DLL when REGSVR32 is loading it, but it appears CrowdStrike may be affecting the loading. When this DLL gets loaded, REGSVR32 should load a bunch of system DLLs on which aexagentui.dll depends. Most of them get loaded just fine, but for some reason REGSVR32 never tries to load CABINET.DLL, which is the last in the list of dependencies. It could be some problem there caused by CrowdStrike interfering with this process.

REGSVR32 is a standard tool and it is plain and simple: it loads the DLL, calls a single API from this DLL, and this API writes a bunch of registry values. That is standard COM DLL behavior, and all our DLLs are registered this way.
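The following PowerShell script is an added example, not Symantec/Broadcom code: it pulls the RegisterComDll failures out of AeXNSC.log and names the regsvr32 step that failed. It assumes the hex value in the log line is the regsvr32 process exit code; the function name Get-RegisterComDllFailure and the -LogPath parameter are hypothetical, and the sample lines are the ones quoted in this article.

```powershell
# Added example (not Symantec/Broadcom code): triage regsvr32 failures in AeXNSC.log.
# Assumption: the hex value logged for RegisterComDll is regsvr32's process exit code.
param(
    # Optional path to a real log; when omitted, the sample lines below are used.
    [string]$LogPath
)

# regsvr32 exit codes and the step each one reports.
$Stage = @{
    1 = 'invalid command-line argument'
    2 = 'OleInitialize failed'
    3 = 'LoadLibrary failed (DLL could not be loaded)'
    4 = 'GetProcAddress failed (no registration entry point)'
    5 = 'DllRegisterServer/DllUnregisterServer returned failure'
}

# Sample input: the two error lines quoted in this article.
$Sample = @(
    '2023-04-29 01:03:24 P:2672   T:6596   *ERRR Installer: Action RegisterComDll: error 0x00000003 returned from executing the command line: regsvr32 /s "C:\Program Files\Altiris\Altiris Agent\x86\AeXAgentUI.dll"'
    '2023-04-29 01:03:24 P:2672   T:6596   *ERRR CoreUtil: Install failed. Error message: Failed to run action: InstallCoreAgentDll'
)

$Pattern = 'Action RegisterComDll: error 0x(?<code>[0-9A-Fa-f]+) returned from executing the command line: regsvr32 .*"(?<dll>[^"]+)"'

function Get-RegisterComDllFailure {
    param([string[]]$Line)
    foreach ($l in $Line) {
        if ($l -match $Pattern) {
            $code = [Convert]::ToInt32($Matches['code'], 16)
            $dll  = $Matches['dll']
            [pscustomobject]@{
                Time      = $l.Substring(0, 19)
                Dll       = $dll
                ExitCode  = $code
                Stage     = if ($Stage.ContainsKey($code)) { $Stage[$code] } else { 'unknown' }
                # Only meaningful when run on the affected client itself.
                DllOnDisk = Test-Path -LiteralPath $dll
            }
        }
    }
}

$lines = if ($LogPath) { Get-Content -LiteralPath $LogPath } else { $Sample }
Get-RegisterComDllFailure -Line $lines | Format-List
```

For the sample lines the script reports exit code 3, which places the failure in the DLL loading step rather than in the registration API, consistent with the ProcMon finding described above.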

Resolution

At this point, our recommendation is:

  1. Work with CrowdStrike to properly set up the right exclusions for allowing regsvr32 to run and install DLLs.
  2. Or just disable the CrowdStrike client so you can install the agent, and then re-enable it.

Additional Information