A Windows 10 system with a Killer Wireless 1535 Wireless Network Adapter crashes with a Bug Check 0xC8 (IRQL_UNEXPECTED_VALUE) after installing a Symantec Endpoint Protection (SEP) 12.1 or 14 client with the Firewall component.

BugCheck C8, {0, 2, 0, 0}

Sample STACK_TEXT:

SEP 12.1 RU6 MP5, 12.1 RU6 MP6, 12.1 RU6 MP7, 14

In one thread, while a Net Buffer List (NBL) is being passed to Microsoft's NDIS stack, NDIS6 filter driver teefer.sys (our Symantec CMC Firewall Teefer3 driver) is injected and it passes on the origin NBL's IRQL, which is PASSIVE_LEVEL. At the same time, in another thread, bwcW10x64.sys (Killer Wireless' Bandwidth Control driver) changes the IRQL from PASSIVE_LEVEL to DISPATCH_LEVEL. As it fails to restore it back to the origin NBL's PASSIVE_LEVEL IRQL, the operating system detects an unexpected IRQL change and crashes the system to prevent further disruption.

Killer Networking has released a fixed Software version: 1.1.67.1763 which can download from http://www.killernetworking.com/driver-downloads/item/e2200-e2400-wireless.

If you can't upgrade immediately, there are currently two possible workarounds:

• Unbind “Killer Bandwidth Control” from the Killer Wireless 1535 Wireless Network Adapter, thereby preventing bwcW10x64.sys (Killer Wireless' Bandwidth Control driver) being loaded and unexpectedly changing the IRQL.
• Install the SEP 12.1 or SEP 14 client without the Firewall component and use the built-in Windows 10 firewall.