After upgrading the Symantec Endpoint Protection (SEP) client from 12.1 to SEP 14.0, systems may experience a crash with Bug Check 27 (RDR_FILE_SYSTEM). The crashing module is mup.sys (Microsoft's Multiple UNC Provider driver). This is observed when users log into the system, or while using applications that access resources over Windows filesharing.

SEP 14.0

Mup.sys (Microsoft's Multiple UNC Provider driver) tries to access memory that has already been freed by another driver.

This issue has been resolved in SEP14 MP1, by not having Auto-Protect request an oplock on network files, as a workaround for what is believed to be an operating system bug. To download the latest version of SEP, see http://www.symantec.com/docs/TECH103088.

If an immediate upgrade is not possible, disabling Policies >Virus and Spyware Protection policy >Windows Settings > AutoProtect > Scan files on remote computers may provide temporary relief.