You assigned the disabled Memory Exploit Mitigation (MEM) policy to client group in Symantec Endpoint Protection Manager (SEPM) 14.0.x. After you upgrade SEPM to 14.2 RU2MP1 or later, "Default Disabled Memory Exploit Mitigation policy" is assigned to such client group but MEM is now enabled on SEP client.

SEPM 14.2 RU1MP1 or later, upgraded from SEPM 14.0.x

This issue is fixed in Symantec Endpoint Protection (SEP) 14.3 RU2 . For information on how to obtain the latest build of Symantec Endpoint Protection, see Download the latest version of Symantec software here.

Work Around:
If you already upgraded SEPM to 14.2 RU2MP1 or later and issue is happening, create the disabled MEM policy and assign to client group manually.

If you are preparing upgrade, check your disabled MEM policy. If [Enable this policy] in [Overview] tab is unchecked, check it and uncheck [Enable Memory Exploit Mitigation] in [Memory Exploit Mitigation] tab instead to disable MEM policy, or withdraw MEM policy from client group then run upgrade.

ESCRT-4454