System might encounter hang issue if Endpoint Protection and ESCORT are installed together
Last Updated August 30, 2018
If you install both Symantec Endpoint Protection (SEP) and ESCORT into a system the system will hang randomly. There are interoperability issues here with Reason Core Security (ESCORT) on the stack with SEP.
Details are as below.
THREAD x is holding a loader lock on a .dll A in the context of ccsvchst.exe and generates an ALPC call to csrss.exe.
The Server thread processing the ALPC message is thread Y.
SEP is trying to scan "x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest" and then emulates the execution of ESCORT binaries (like Escndl.dll, icdcnl.dll).
ESCORT binaries (like Escndl.dll, icdcnl.dll) then tries to load the same .dll A (above) on the critical section.
SEP 12.x and 14.x
Deadlock or Hang results
Installing both SEP and ESCORT (Reason core Security anti-malware security software) on the same system is not recommended. The following method can be used as a workaround.