Microsoft has published a number of Windows Security Updates that contain a compatibility issue with legacy versions of the Expanded Remediation and Side Effect Repair (ERASER) engine that's distributed with Symantec Endpoint Protection (SEP) 12.1 and 14.0.
ERASER Engine Version 117.2.1 and older will encounter a Blue Screen of Death upon execution of a Scheduled, On-Demand, or Quick Scan by the SEP client, if these Windows Security Updates are present on the system.
On 1/3/2018, Microsoft released the following out-of-band updates:
Windows Server 2016 - KB4056890
Windows Server 2012 R2 - KB4056898
Windows Server 2012 - KB4056899
Windows Server 2008 R2 SP1 - KB4056897
Windows 10 1709 - KB4056892
Windows 10 1703 - KB4056891
Windows 10 1607 - KB4056890
Windows 10 1511 - KB4056888
Windows 10 - KB4056893
Windows 8.1 - KB4056898
Windows 7 SP1 - KB4056897
On 1/9/2018, Microsoft released the following Security Rollups, which supersede the 1/3 update on their respective versions of Windows:
Windows 8.1 - KB4056895
Windows Server 2012 R2 - KB4056895
Windows Server 2012 - KB4056896
Windows 7 SP1 - KB4056894
Windows Server 2008 R2 SP1 - KB4056894
Note: To mitigate the risk of systems encountering a BSoD, Windows Update will detect if a legacy ERASER engine version is installed and hide the update from users. In most cases, this means that encountering a BSoD as a result of this incompatibility is unlikely. This will not prevent older ERASER content from being applied after the Windows Update has been applied.
Once this update has been applied, do NOT attempt to roll back definitions to anything prior to this set of definitions, or a Blue Screen of Death will be encountered upon execution of an On-Demand, Scheduled, or Active Scan.
Ensure that all installation packages are either loaded with NO content or with content that contains ERASER engine update 188.8.131.528 or greater.
Definitions containing the updated ERASER Engine for Enterprise products are included in 1/4/2018 rev. 1 (Sequence Number: 189937).
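One way to check a single host for the combination described above (a legacy ERASER engine together with one of the listed Windows updates), as an added PowerShell example that is not Symantec or Microsoft code. It assumes the operator supplies the ERASER engine version, since this article does not say where the client stores it; the function and property names are hypothetical.

```powershell
# Added example: not Symantec or Microsoft code. KB ids are copied from this article.
param(
    # ERASER engine version supplied by the operator (assumption: the article
    # does not say where the client records it), e.g. '117.2.1'.
    [Parameter(Mandatory = $true)][string]$EngineVersion
)

$OutOfBand = 'KB4056890','KB4056898','KB4056899','KB4056897','KB4056892',
             'KB4056891','KB4056888','KB4056893'   # released 1/3/2018
$Rollups   = 'KB4056895','KB4056896','KB4056894'   # released 1/9/2018

function Test-LegacyEraser {
    param([string]$Version)
    # Compare on the first three components only, so '117.2.1.0' and '117.2.1'
    # are treated alike; [version] alone ranks '117.2.1.0' above '117.2.1'.
    $v     = [version]$Version
    $build = [Math]::Max($v.Build, 0)
    $norm  = New-Object System.Version -ArgumentList $v.Major, $v.Minor, $build
    return $norm -le [version]'117.2.1'
}

function Get-ConflictingUpdate {
    param([string[]]$InstalledIds)
    # Keep only the installed update ids that appear in the article's two lists.
    $InstalledIds |
        Where-Object { ($OutOfBand + $Rollups) -contains $_ } |
        Sort-Object -Unique
}

# Get-HotFix reports the updates the OS records as installed hotfixes.
$installed = @(Get-HotFix -ErrorAction SilentlyContinue |
               Select-Object -ExpandProperty HotFixID)
$hits   = @(Get-ConflictingUpdate -InstalledIds $installed)
$legacy = Test-LegacyEraser -Version $EngineVersion

[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    EngineVersion  = $EngineVersion
    LegacyEngine   = $legacy
    ConflictingKBs = $hits -join ','
    # Both conditions together are the case the article says blue-screens on scan.
    ScanRisk       = ($legacy -and $hits.Count -gt 0)
}
```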