Endpoint Protection

  • 1.  BSOD SEP 11.0.5 + Windows 7 x64 RTM Ultimate

    Posted Nov 19, 2009 02:11 PM
    My laptop just BSOD at teefer2.sys.  Very disconcerting.  Here is the !analyze -v

    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    PAGE_FAULT_IN_NONPAGED_AREA (50)
    Invalid system memory was referenced.  This cannot be protected by try-except,
    it must be protected by a Probe.  Typically the address is just plain bad or it
    is pointing at freed memory.
    Arguments:
    Arg1: fffffa800ab53a58, memory referenced.
    Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
    Arg3: fffff88003e3c55c, If non-zero, the instruction address which referenced the bad memory
        address.
    Arg4: 0000000000000000, (reserved)

    Debugging Details:
    ------------------

    Unable to open image file: C:\Program Files\Debugging Tools for Windows (x64)\sym\ntkrnlmp.exe\4A5BC6005dd000\ntkrnlmp.exe
    The system cannot find the file specified.


    READ_ADDRESS:  fffffa800ab53a58 Nonpaged pool

    FAULTING_IP:
    teefer2+555c
    fffff880`03e3c55c 488b9b88010000  mov     rbx,qword ptr [rbx+188h]

    MM_INTERNAL_CODE:  0

    IMAGE_NAME:  teefer2.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  4a0b1ec0

    MODULE_NAME: teefer2

    FAULTING_MODULE: fffff88003e37000 teefer2

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    BUGCHECK_STR:  0x50

    PROCESS_NAME:  System

    CURRENT_IRQL:  1

    TRAP_FRAME:  fffff88002e73ae0 -- (.trap 0xfffff88002e73ae0)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000015
    rdx=fffff88003e46f4c rsi=0000000000000000 rdi=0000000000000000
    rip=fffff88003e3c55c rsp=fffff88002e73c70 rbp=0000000000000080
     r8=000000000000005c  r9=fffff88003e5849d r10=00000000000003cb
    r11=0000000000000042 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei ng nz na po nc
    teefer2+0x555c:
    fffff880`03e3c55c 488b9b88010000  mov     rbx,qword ptr [rbx+188h] ds:6a04:0188=????????????????
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from fffff800031061e4 to fffff80003086f00

    STACK_TEXT: 
    fffff880`02e73978 fffff800`031061e4 : 00000000`00000050 fffffa80`0ab53a58 00000000`00000000 fffff880`02e73ae0 : nt!KeBugCheckEx
    fffff880`02e73980 fffff800`03084fee : 00000000`00000000 fffffa80`0ab538d0 fffffa80`0abbe000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x42907
    fffff880`02e73ae0 fffff880`03e3c55c : fffff880`03e46ed3 fffffa80`0ab538d0 00000000`00000080 fffff880`03e594e0 : nt!KiPageFault+0x16e
    fffff880`02e73c70 fffff880`03e3c680 : fffff880`00000000 fffffa80`05903980 00000000`00000001 00000000`0001118e : teefer2+0x555c
    fffff880`02e73ca0 fffff880`03e3c78c : 00000000`0001118e fffffa80`05572000 ffffffff`ff85ee00 00000000`00000080 : teefer2+0x5680
    fffff880`02e73cd0 fffff800`0332a166 : 00000000`00000001 fffffa80`056154d0 00000000`00000080 fffffa80`056154d0 : teefer2+0x578c
    fffff880`02e73d00 fffff800`03065486 : fffff880`009e9180 fffffa80`056154d0 fffffa80`054aca60 fffff880`0121ea90 : nt!PspSystemThreadStartup+0x5a
    fffff880`02e73d40 00000000`00000000 : fffff880`02e74000 fffff880`02e6e000 fffff880`02e73650 00000000`00000000 : nt!KxStartSystemThread+0x16


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    teefer2+555c
    fffff880`03e3c55c 488b9b88010000  mov     rbx,qword ptr [rbx+188h]

    SYMBOL_STACK_INDEX:  3

    SYMBOL_NAME:  teefer2+555c

    FOLLOWUP_NAME:  MachineOwner

    FAILURE_BUCKET_ID:  X64_0x50_teefer2+555c

    BUCKET_ID:  X64_0x50_teefer2+555c

    Followup: MachineOwner
    ---------

    If anyone at Symantec wants the dump I'll be happy to upload it.

    If anyone has any suggestions on how to avoid this let me know.
     


  • 2.  RE: BSOD SEP 11.0.5 + Windows 7 x64 RTM Ultimate

    Posted Nov 19, 2009 02:40 PM
    The problem seems to be with the firewall component driver, called teefer2.
    Open Add/Remove Programs.
    Click on Symantec Endpoint Protection.
    Click on Change.
    Click on Modify.
    Uncheck Network Threat Protection (select the option "This feature will not be installed").
    Click on Next.
    Complete the install.
    Check if the issue still persists.
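
The reply above ties the crash to the teefer2 driver. As an added example (not part of the original thread), this Python code parses the `!analyze -v` text and cross-checks that attribution: the faulting instruction (Arg3) minus the FAULTING_MODULE base must equal the offset of the first non-kernel stack frame. The function names and the key format are assumptions; the sample is abridged from the first post.

```python
import re

# Constructed sample: lines abridged from the !analyze -v output in post 1
# (stack arguments elided; addresses and symbols as posted).
SAMPLE = """\
PAGE_FAULT_IN_NONPAGED_AREA (50)
Arg1: fffffa800ab53a58, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff88003e3c55c, If non-zero, the instruction address
FAULTING_MODULE: fffff88003e37000 teefer2
STACK_TEXT:
fffff880`02e73978 fffff800`031061e4 : (args elided) : nt!KeBugCheckEx
fffff880`02e73ae0 fffff880`03e3c55c : (args elided) : nt!KiPageFault+0x16e
fffff880`02e73c70 fffff880`03e3c680 : (args elided) : teefer2+0x555c
fffff880`02e73ca0 fffff880`03e3c78c : (args elided) : teefer2+0x5680
fffff880`02e73d00 fffff800`03065486 : (args elided) : nt!PspSystemThreadStartup+0x5a
"""

HEX = r"[0-9a-fA-F]"
# A STACK_TEXT line: child-SP, return address, arguments, then the symbol.
FRAME = re.compile(
    rf"^\s*{HEX}{{8}}`{HEX}{{8}} {HEX}{{8}}`{HEX}{{8}} : .* : (\S.*)$", re.M)

def parse_analyze(text):
    """Extract the triage fields from WinDbg `!analyze -v` text."""
    name, code = re.search(
        rf"^\s*([A-Z_0-9]+) \(({HEX}+)\)\s*$", text, re.M).groups()
    args = {int(n): int(v, 16)
            for n, v in re.findall(rf"^\s*Arg(\d): ({HEX}+)", text, re.M)}
    base, module = re.search(
        rf"^\s*FAULTING_MODULE:\s*({HEX}+)\s+(\S+)", text, re.M).groups()
    return {"name": name, "code": int(code, 16), "args": args,
            "base": int(base, 16), "module": module,
            "frames": FRAME.findall(text)}

def triage(text):
    f = parse_analyze(text)
    # For bugcheck 0x50, Arg2 is the access type and Arg3 the faulting instruction.
    access = "write" if f["args"][2] else "read"
    offset = f["args"][3] - f["base"]
    # Skip the kernel's own fault-handling frames; the next frame is the one blamed.
    blamed = next((s for s in f["frames"] if not s.startswith("nt!")), None)
    return {"module": f["module"], "access": access, "offset": offset,
            "blamed": blamed,
            # True when the address arithmetic and the stack agree on the driver.
            "consistent": blamed == f"{f['module']}+{offset:#x}",
            # Hypothetical dedup key for grouping identical crashes across hosts.
            "key": f"{f['code']:#x}:{f['module']}+{offset:#x}"}
```

Grouping crashes by `key` across a fleet shows whether one driver build and offset accounts for the failures before a component is removed everywhere.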


  • 3.  RE: BSOD SEP 11.0.5 + Windows 7 x64 RTM Ultimate

    Posted Nov 19, 2009 03:15 PM
    Rafeeq

    Thanks for the reply. 

    I knew it was with the network threat protection module.  I had already gone round and round with teefer2 not working with SEP 11.4 and finished with uninstalling SEP-NTP on 11.4.  I was hoping 11.5 was fixed.  Guess not.    I've uninstalled it again. 

    Maybe someone at Symantec could update this when they have a working NTP module with Windows 7 x64.

    I'm also wondering if the same problem exists with SEP 11.5 and W2K8R2 (which should have the same memory management and TCP/IP stack as Win7).  Should I uninstall NTP from my W2K8R2 dev servers just to be safe?








  • 4.  RE: BSOD SEP 11.0.5 + Windows 7 x64 RTM Ultimate

    Posted Nov 19, 2009 03:20 PM
    Please uninstall NTP till we narrow down to the problem or the root cause of the issue.
    Awaiting MU5 MP1 soon :)