Bugcheck 9E referencing netft.sys on Hyper-V Cluster server node running Server 2012 with SEP 12.1.6 client installed. A cluster server node is repeatedly hanging. After the server experiences the hang, it falls out of the cluster due to the cluster watchdog process resulting in the crash dump with a bugcheck 9E. After 4 or 5 minutes it will restart and upon restart the server may experience the hang issue again.
When in this state, it does connect to the cluster node and appears to be functioning as expected.
However after supplying credentials at the login prompt, the login process will not proceed and may result in a black screen. The machine will eventually restart and may continue to loop through this process and experience the symptoms as described above.
Memory Dump review reveals:
The issue occurs when Application Control enumerates mount points within a volume.
This issue is fixed in Symantec Endpoint Protection client 22.214.171.124 (RU6 MP5). For information on how to obtain the latest build of Symantec Endpoint Protection, see Download the latest version of Symantec Endpoint Protection.
To work around the issue an Application Control exception can be put into place. This will prevent the Application Control from attaching to Windows Clustering service, clussvc.exe.