Reference Guide › Utilities › eACoexist Utility—Detect and Register Coexisting Trusted Programs › How the Coexistence Utility Works › How the eTrust Audit Plug-In Works

How the eTrust Audit Plug-In Works

The coexistence utility runs the eTrust Audit plug-in to scan the computer for eTrust Audit Version 1.5 registry keys and files before the CA Access Control installation begins, as follows:

1. Queries the following registry key for existence:

   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\acdistagn.exe
   

   If successful it extracts the "Path" value designated %PathFromRegistry%.
   

   If the registry key exists, the plug-in:

   • Reads the value of the Path entry
   • Returns the following executable pathnames:

     FilePathFromRegistry\bin\acactmgr.exe
     FilePathFromRegistry\bin\SeLogRcd.exe
     FilePathFromRegistry\bin\acdistagn.exe
     FilePathFromRegistry\acdistsrv.exe
     FilePathFromRegistry\acfwrecd.exe
     FilePathFromRegistry\acrecorderd.exe
     FilePathFromRegistry\aclogrd.exe
     FilePathFromRegistry\portmap.exe
     FilePathFromRegistry\SeLogRec.exe
     FilePathFromRegistry\SeLogRd.exe
     FilePathFromRegistry\snmprec.exe
     

     This is the default action as defined in the response file. The eTrust Audit plug-in does not add a trusted program (SPECIALPGM) rule by default.

2. Stops the following services:
   • "eAudit Action Manager"
   • "eAudit Distribution Agent"
   • "eAudit Log Router"
   • "eAudit Recorder"
   • "eAudit Redirector"
   • "eAudit Portmap"

   If a more recent version of eTrust Audit is installed, it stops the following services:

   • "eTrust Audit Action Manager"
   • "eTrust Audit Collector"
   • "eTrust Audit Distribution Agent"
   • "eTrust Audit Distribution Server"
   • "eTrust Audit FW-1 Recorder"
   • "eTrust Audit Generic Recorder"
   • "eTrust Audit Log Router"
   • "eTrust Audit Portmap"
   • "eTrust Audit Recorder"
   • "eTrust Audit Redirector"
   • "eTrust Audit SNMP Recorder"
3. When the CA Access Control installation completes, it restarts these same services.

The coexistence utility also runs the eTrust Audit plug-in to:

• Stop the eTrust Audit services when you uninstall CA Access Control
• Start the eTrust Audit services after the CA Access Control uninstall completes

Note: The response file determines the default action that the coexistence utility performs at prescribed stages (what to do before CA Access Control installation, after CA Access Control installation, and so on).