Microsoft has published a number of Windows Security Updates that contain a compatibility issue with legacy versions of the Expanded Remediation and Side Effect Repair (ERASER) engine that's distributed with Symantec Endpoint Protection (SEP) 12.1 and 14.0.
ERASER Engine Version 117.2.1 and older will encounter a Blue Screen of Death upon execution of a Scheduled, On-Demand, or Quick Scan by the SEP client, if these Windows Security Updates are present on the system.
STOP CODE: MEMORY_MANAGEMENT (0x1a)
ERASER Engine 117.2.1 and earlier contain a compatibility issue with the Windows Security Updates published on 1/3/2018.
On 1/3/2018, Microsoft released the following out-of-band updates:
Windows Server 2016 - KB4056890
Windows Server 2012 R2 - KB4056898
Windows Server 2012 - KB4056899
Windows Server 2008 R2 SP1 - KB4056897
Windows 10 1709 - KB4056892
Windows 10 1703 - KB4056891
Windows 10 1607 - KB4056890
Windows 10 1511 - KB4056888
Windows 10 - KB4056893
Windows 8.1 - KB4056898
Windows 7 SP1 - KB4056897
On 1/9/2018, Microsoft released the following Security Rollups which supercede the 1/3 update on their respective versions of Windows:
Windows 8.1 - KB4056895
Windows Server 2012 R2 - KB4056895
Windows Server 2012 - KB4056896
Windows 7 SP1 - KB4056894
Windows Server 2008 R2 SP1 - KB4056894