Windows 10 machines which have Secure Boot enabled and Symantec Endpoint Protection (SEP) installed are found to intermittently lose network connectivity as all network devices are missing. Issue is present until SEP is either uninstalled or the SEP Firewall component is removed.
SEP System log:
4/2/2018 10:50:31 AM 302448641 0 3 Firewall driver failed to open network adapter Smc
Event ID 26:
'Application Popup' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'', '\SystemRoot\system32\DRIVERS\Teefer.sys failed to load'.
Event ID 7026:
The following boot-start or system-start driver(s) did not load: dam Teefer2.
Application and Services -> Microsoft -> WIndows -> CodeIntegrity:
Event ID 3004:
(1) Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\Teefer.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Fresh Installation of Windows 10 build 1607 with UEFI BIOS Secure Boot ON
In Windows 10, Build 1607, all new kernel mode drivers must be digitally signed by Microsoft when UEFI BIOS Secure Boot is ON. Any fresh installations of Windows 10 build 1607 with Secure Boot ON can potentially be affected by this issue. Teefer.sys was not Microsoft signed. Note that this issue does not affect upgrades or existing installations of Windows 10 1607. See further information from Microsoft regarding the signing changes.
This issue is fixed in Symantec Endpoint Protection 14.2. For information on how to obtain the latest build of Symantec Endpoint Protection, see Download the latest version of Symantec Endpoint Protection.
As a work around, Secure Boot can be temporarily turned to OFF in the UEFI BIOS options.