ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
System might encounter hang issue if Endpoint Protection and ESCORT are installed together
Article ID: 170577
If you install both Symantec Endpoint Protection (SEP) and ESCORT into a system the system will hang randomly.
There are interoperability issues here with Reason Core Security (ESCORT) on the stack with SEP.
Details are as below.
THREAD x is holding a loader lock on a .dll A in the context of ccsvchst.exe and generates an ALPC call to csrss.exe.
The Server thread processing the ALPC message is thread Y.
SEP is trying to scan "x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest" and then emulates the execution of ESCORT binaries (like Escndl.dll, icdcnl.dll).
ESCORT binaries (like Escndl.dll, icdcnl.dll) then tries to load the same .dll A (above) on the critical section.
Deadlock or Hang results
SEP 12.x and 14.x
Installing both SEP and ESCORT (Reason core Security anti-malware security software) on the same system is not recommended.
The following method can be used as a workaround.