Crash with Bug Check 0x1A on an Endpoint Protection 14 system


Article ID: 171146


Updated On:


Endpoint Protection


You experience a crash with Bug Check 0x1A (MEMORY_MANAGEMENT) on a system with Symantec Endpoint Protection (SEP) 14.


Page table corruption, caused by WGX.SYS (Symantec Network Access Control driver).

Please note that not all Bug Check 0x1A related crashes are caused by this issue.


SEP 14 (any version)


As Symantec Network Access Control is end-of-life (EOL) and the WGX.SYS driver has been deprecated, you can disable the driver in one of the following ways:

  • On a single system, disable Tamper Protection, then run the following commands in an administrative Command Prompt window:
    "%ProgramFiles(x86)%\Symantec\Symantec Endpoint Protection\Smc.exe" -stop 
    reg add HKLM\SYSTEM\CurrentControlSet\services\wgx /v Start /t REG_DWORD /d 4 /f
    "%ProgramFiles(x86)%\Symantec\Symantec Endpoint Protection\Smc.exe" -start ‚Äč
  • In a multi-Endpoint Protection system environment managed by Symantec Endpoint Protection Manager (SEPM), use the Host Integrity (HI) policy in attachment to disable WGX.sys on all systems:
    1. Open SEPM.
    2. In Policies, select Import a Host Integrity Policy.
    3. Select the attached .dat file and click the Import button.
    4. Right-click the Disable wgx driver service HI policy, select Assign..., tick the desired groups and click the Assign button.


Disable wgx driver service.dat get_app