You assigned the disabled Memory Exploit Mitigation (MEM) policy to client group in Symantec Endpoint Protection Manager (SEPM) 14.0.x. After you upgrade SEPM to 14.2 RU2MP1 or later, "Default Disabled Memory Exploit Mitigation policy" is assigned to such client group but MEM is now enabled on SEP client.
SEPM 14.2 RU1MP1 or later, upgraded from SEPM 14.0.x
Broadcom is aware of this issue and will update this document when a solution becomes available.
Work Around:
If you already upgraded SEPM to 14.2 RU2MP1 or later and issue is happening, create the disabled MEM policy and assign to client group manually.
If you are preparing upgrade, check your disabled MEM policy. If [Enable this policy] in [Overview] tab is unchecked, check it and uncheck [Enable Memory Exploit Mitigation] in [Memory Exploit Mitigation] tab instead to disable MEM policy, or withdraw MEM policy from client group then run upgrade.
ESCRT-4454