You have a Windows 10 system with Symantec Endpoint Protection (SEP) 14.0 or higher that experiences a crash with BugCheck 0xEF (CRITICAL_PROCESS_DIED). A look at the resulting crash dump shows the presence of Sysfer (our Application Control user mode library).

The above stack text (which should be read from bottom to top) is of a dump that showed svchost.exe crashing as a result of an exception code 0x2 ("The system cannot find the file specified.") having been thrown by faulting module appsruprov.dll (Microsoft's Application System Resource Usage Monitor –SRUM– provider), which called its ArupMergeStatsList function. Sysfer hooks into the stack after the exception is thrown but before the process crashes. 

• Windows 10
• SEP 14.0 or higher

This typically is not the SEP's client fault, the crash in svchost.exe occurs before the hook by sysfer.dll (Application Control), the root cause of the crash should be analyzed and will vary.
Automated crash analysis may point to sysfer.dll as the cause but this is misleading.

If the crash occurs repeatedly and you want to exclude the possibility of SEP being responsible, you may create an Application Control exception for svchost.exe, ensuring to also exclude all child processes. The crash will still happen but sysfer.dll will no longer be present in the stack