Microsoft has published a number of Windows Security Updates that contain a compatibility issue with legacy versions of the Expanded Remediation and Side Effect Repair (ERASER) engine that's distributed with Symantec Endpoint Protection (SEP) 12.1 and 14.0.
ERASER Engine Version 117.2.1 and older will encounter a Blue Screen of Death upon execution of a Scheduled, On-Demand, or Quick Scan by the SEP client, if these Windows Security Updates are present on the system.
On 1/3/2018, Microsoft released the following out-of-band updates:
Windows Server 2016 - KB4056890
Windows Server 2012 R2 - KB4056898
Windows Server 2012 - KB4056899
Windows Server 2008 R2 SP1 - KB4056897
Windows 10 1709 - KB4056892
Windows 10 1703 - KB4056891
Windows 10 1607 - KB4056890
Windows 10 1511 - KB4056888
Windows 10 - KB4056893
Windows 8.1 - KB4056898
Windows 7 SP1 - KB4056897
On 1/9/2018, Microsoft released the following Security Rollups which supercede the 1/3 update on their respective versions of Windows:
Windows 8.1 - KB4056895
Windows Server 2012 R2 - KB4056895
Windows Server 2012 - KB4056896
Windows 7 SP1 - KB4056894
Windows Server 2008 R2 SP1 - KB4056894
STOP CODE: MEMORY_MANAGEMENT (0x1a)
ERASER Engine 117.2.1 and earlier contain a compatibility issue with the Windows Security Updates published on 1/3/2018.
- Ensure that ERASER Engine 22.214.171.1248 or greater has been applied before attempting to apply the Microsoft Windows Security Updates released on 1/3/2018. For additional detail, see: How to check the version of AV Engine, IPS Engine and Eraser Engine from the client computer.
- Once this update has been applied, do NOT attempt to rollback definitions to anything prior to this set of definitions or a Blue Screen of Death will be encountered upon execution of an On-Demand, Scheduled, or Active Scan.
- Ensure that all installation packages are either loaded with NO content or with content that contains ERASER engine update 126.96.36.1998 or greater.
- Definitions containing the updated ERASER Engine for Enterprise products are included in 1/4/2018 rev. 1 (Sequence Number: 189937).