You experienced a Bug Check 0xC2 (BAD_POOL_CALLER) on a 32-bit Windows system with Symantec Endpoint Protection (SEP) 12.1 (pre-RU5) with the "Virus, Spyware and Basic Download Protection" feature only (Advanced Download Protection is not enabled).
An analysis of the resulting dump using the Windows Debugger (WinDBG) shows that the issue occured when it was attempted to free pool memory that had already been freed. You further determine the following in WinDBG:
Dereferencing the address of the block of pool being deallocated (argument 4) using the !pool command shows it is related to pool tag HTab. which belongs to NETIO.SYS (Microsoft's Network I/O Subsystem driver). lmvm netio shows the version of NETIO.SYS currently installed on the server is several years old.
The virtual memory usage overview (!vm 1) shows a large amount of pool failures.
Using the command dd nt!MmPoolFailures l?9 you determine that these are non-paged pool failures (i.e. the output of the command shows a large amount of failures in the first three bytes, with no or very little failures in the next two three byte blocks).
The top 5 of non-paged pool consumers (!poolused /t 5 2) shows a similarly large amount of allocations for pool tag SNDc.
Using the command !for_each_module s -a @#Base @#End "SNDc" and then lma with one of the resulting addresses as a parameter you find that the pool tag belongs to SymTDIv (our Symantec Network Dispatch driver).
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 0000110b, (reserved)
Arg3: a0e6cdb8, Memory contents of the pool block
Arg4: 88e64760, Address of the block of pool being deallocated
As SYMTDIv is not required when using the "Virus, Spyware and Basic Download Protection" feature only, it can be disabled using the command sc config symtdiv start= disabled, followed by a reboot of the server.