Reference Guide › Utilities › eACoexist Utility—Detect and Register Coexisting Trusted Programs › How the Coexistence Utility Works › How the eTrust Audit Plug-In Works

How the eTrust Audit Plug-In Works

The coexistence utility runs the eTrust Audit plug-in to scan the computer for eTrust Audit Version 1.5 registry keys and files before the CA ControlMinder installation begins, as follows:

1. Queries the following registry key for existence:

   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\acdistagn.exe
   

   If successful it extracts the "Path" value designated %PathFromRegistry%.
   

   If the registry key exists, the plug-in:

   • Reads the value of the Path entry
   • Returns the following executable pathnames:

     FilePathFromRegistry\bin\acactmgr.exe
     FilePathFromRegistry\bin\SeLogRcd.exe
     FilePathFromRegistry\bin\acdistagn.exe
     FilePathFromRegistry\acdistsrv.exe
     FilePathFromRegistry\acfwrecd.exe
     FilePathFromRegistry\acrecorderd.exe
     FilePathFromRegistry\aclogrd.exe
     FilePathFromRegistry\portmap.exe
     FilePathFromRegistry\SeLogRec.exe
     FilePathFromRegistry\SeLogRd.exe
     FilePathFromRegistry\snmprec.exe
     

     This is the default action as defined in the response file. The eTrust Audit plug-in does not add a trusted program (SPECIALPGM) rule by default.

2. Stops the following services:
   • "eAudit Action Manager"
   • "eAudit Distribution Agent"
   • "eAudit Log Router"
   • "eAudit Recorder"
   • "eAudit Redirector"
   • "eAudit Portmap"

   If a more recent version of eTrust Audit is installed, it stops the following services:

   • "eTrust Audit Action Manager"
   • "eTrust Audit Collector"
   • "eTrust Audit Distribution Agent"
   • "eTrust Audit Distribution Server"
   • "eTrust Audit FW-1 Recorder"
   • "eTrust Audit Generic Recorder"
   • "eTrust Audit Log Router"
   • "eTrust Audit Portmap"
   • "eTrust Audit Recorder"
   • "eTrust Audit Redirector"
   • "eTrust Audit SNMP Recorder"
3. When the CA ControlMinder installation completes, it restarts these same services.

The coexistence utility also runs the eTrust Audit plug-in to:

• Stop the eTrust Audit services when you uninstall CA ControlMinder
• Start the eTrust Audit services after the CA ControlMinder uninstall completes

Note: The response file determines the default action that the coexistence utility performs at prescribed stages (what to do before CA ControlMinder installation, after CA ControlMinder installation, and so on).