Crash with Bug Check 0x1A on an Endpoint Protection 14 system

book

Article ID: 171146

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

You experience a crash with Bug Check 0x1A (MEMORY_MANAGEMENT) on a system with Symantec Endpoint Protection (SEP) 14.

Cause

Page table corruption, caused by WGX.SYS (Symantec Network Access Control driver).

Please note that not all Bug Check 0x1A related crashes are caused by this issue.

Environment

SEP 14 (any version)

Resolution

As Symantec Network Access Control is end-of-life (EOL) and the WGX.SYS driver has been deprecated, you can disable the driver in one of the following ways:

  • On a single system, disable Tamper Protection, then run the following commands in an administrative Command Prompt window:
     
    "%ProgramFiles(x86)%\Symantec\Symantec Endpoint Protection\Smc.exe" -stop 
    reg add HKLM\SYSTEM\CurrentControlSet\services\wgx /v Start /t REG_DWORD /d 4 /f
    "%ProgramFiles(x86)%\Symantec\Symantec Endpoint Protection\Smc.exe" -start ‚Äč
  • In a multi-Endpoint Protection system environment managed by Symantec Endpoint Protection Manager (SEPM), use the Host Integrity (HI) policy in attachment to disable WGX.sys on all systems:
     
    1. Open SEPM.
    2. In Policies, select Import a Host Integrity Policy.
    3. Select the attached .dat file and click the Import button.
    4. Right-click the Disable wgx driver service HI policy, select Assign..., tick the desired groups and click the Assign button.

Attachments

Disable wgx driver service.dat get_app