If Symantec Endpoint Protection (SEP) is left installed on a Windows 10 system, and that system is then upgraded directly to Windows 10 version 1809, proxied web traffic fails to connect when using Internet Explorer or Edge.
Windows 10 upgraded to version 1809
sysfer.dll (DLL for Application and Device Control) fails to inject into the pacjsworker.exe process. This process handles PAC file parsing.
Windows 10 version 1507 and earlier do not include the ALL RESTRICTED APPLICATION PACKAGES security group; version 1607 and later do. When upgrading from 1507 to a newer build, such as 1809, this security group may not be properly assigned to sysfer.dll under C:\Windows\System32. In some instances, this failure may persist beyond the preliminary upgrade (e.g. 1507 to 1703 and then 1703 to 1809).
Because the security group is missing, sysfer.dll is unable to inject into the pacjsworker.exe process, and that process terminates without properly handling the PAC file parsing. Web traffic requests may then be incorrectly routed. This has been determined to be an issue with Microsoft Windows and not the SEP product.
To work around this behavior, the SEP client should either be uninstalled prior to the Windows 10 version upgrade, or SEP should be reinstalled after the OS upgrade. Doing so will allow the Windows OS to properly assign this security group, thus allowing proper injection.
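To confirm whether a given machine is affected, or that a reinstall fixed it, the ACL on sysfer.dll can be inspected directly. The following PowerShell is an added example, not Symantec's own tooling: the function name `Test-RestrictedAppPackagesAce` is hypothetical, and it matches the group by its well-known SID (S-1-15-2-2) rather than its localized display name.

```powershell
# Added example: report whether sysfer.dll carries an Allow ACE for
# ALL RESTRICTED APPLICATION PACKAGES (well-known SID S-1-15-2-2).
function Test-RestrictedAppPackagesAce {
    param(
        # Default is the location named in this article.
        [string]$Path = "$env:windir\System32\sysfer.dll"
    )

    $sidValue = 'S-1-15-2-2'   # ALL RESTRICTED APPLICATION PACKAGES
    $build    = [System.Environment]::OSVersion.Version.Build

    $result = [ordered]@{
        Path            = $Path
        OSBuild         = $build
        # The group exists from version 1607 (build 14393) onward.
        GroupExistsOnOS = ($build -ge 14393)
        FileFound       = (Test-Path -LiteralPath $Path)
        AcePresent      = $false
        Rights          = $null
    }

    if ($result.FileFound) {
        $acl = Get-Acl -LiteralPath $Path
        # Ask for SIDs, not translated names, so the match is locale-independent.
        $rules = $acl.GetAccessRules(
            $true,   # explicit ACEs
            $true,   # inherited ACEs
            [System.Security.Principal.SecurityIdentifier])

        $match = @($rules | Where-Object {
            $_.IdentityReference.Value -eq $sidValue -and
            $_.AccessControlType -eq 'Allow'
        })

        if ($match.Count -gt 0) {
            $result.AcePresent = $true
            $result.Rights     = ($match.FileSystemRights -join '; ')
        }
    }

    [pscustomobject]$result
}

# Run on the upgraded client; AcePresent = False with GroupExistsOnOS = True
# matches the condition described in this article.
Test-RestrictedAppPackagesAce | Format-List
```

Passing `-Path` with another DLL in System32 gives a reference ACL to compare against on the same machine.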