Package destination location folders have their NTFS security permissions reset to no access, making them inaccessible through standard means. This happens at regular intervals.

The GUID folders for packages show a lock on their icons.

 Unable to delete file

ITMS 8.6.x

Whenever a package refresh occurs on a Symantec Site Server, all folders in the file system that are acting as Package Destination locations have their NTFS security permissions reset to no access. 

Turn off DACL Management on each package server.

1) Open the registry editor on your package server
2) Open registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Altiris Agent\Package Server
3) Create a new DWORD value named "EnableDACLManagement" with a value of "0"
4) Restart the package Server

To delete an offending package, open a command prompt as admin navigate to the package delivery folder <install drive>:\program files\altiris\altiris agent\package delivery\ and run the command: icacls {GUID_OF_PACKAGE.EN_US} /t /reset

This will reset the permissions on the specified folder, takes the lock off of the icon, and changes permissions back to windows default (local admins have full access now).

If client agents are getting access denied when attempting to download packages, then reset the correct permissions for everyone and the IIS_IUSR accounts on the package delivery folder to get back to where the access is correct. You may need to also run iisreset for this as well.

For further information on this setting, please refer to "FAQ on Package Servers" under section 5.3