4: kd> !poolused 4 /t 5
........
Sorting by Paged Pool Consumed
NonPaged Paged
Tag Allocs Used Allocs Used
SAEA 0 0 1429569 320223456 UNKNOWN pooltag 'SAEA', please update pooltag.txt
Sa_s 4 4416 1430161 183164864 UNKNOWN pooltag 'Sa_s', please update pooltag.txt
CM31 0 0 38455 176963584 Internal Configuration manager allocations , Binary: nt!cm
SaEF 0 0 2859139 160111808 UNKNOWN pooltag 'SaEF', please update pooltag.txt
SaEC 0 0 1429569 137238624 UNKNOWN pooltag 'SaEC', please update pooltag.txt
TOTAL 467656 162859008 8612890 1411343392
Our Auto-Protect driver leaks contexts, leading to a build-up of memory usage by its SAEA paged pool tag.
14 MP2
Windows 10 (other versions of Windows may be susceptible to the same issue)
This issue has been resolved in SEP 14 RU1.
As a temporary workaround, consider running the following commands (which restart SMC/Auto-Protect and will do away with any SAEA pool tag related memory usage) on all affected systems, e.g. by configuring a scheduled task item via group policy that runs the script when a workstation is unlocked:
"%ProgramFiles(x86)%\Symantec\Symantec Endpoint Protection\Smc.exe" -stop
sc stop srtsp
sc start srtsp
"%ProgramFiles(x86)%\Symantec\Symantec Endpoint Protection\Smc.exe" -start