This means the SEP Agent on your machine is not using the driver that "Application & Device Control" requires.
Many may have missed my lengthy post above, that details that the SEPM's DB is far from adequate for identifying which, if any, of your SEP Agents have the ADC component installed and being loaded during system boot time, which is crucial inorder to identify how exposed you are to this 0-day vulnerability.
We've been consulting with our Symantec BCS Engineer, and they have confirmed this lack of functionality, which is very disappointing.
That said, our next idea was to see if there is an event generated when ADC is loaded when the SEP Agent's services start. Thankfully, they've managed to find that there is.
Here is a query you can run on your SEPM DB (both SQL Server or Internal Sygate DB users) that will return a list of all your endpoints that are loading the ADC (sysplant) driver when the SEP Agent starts.
select distinct EVENT_ID, EVENT_TIME, HARDWARE_KEY, HOST_NAME, DESCRIPTION, CALLER_PROCESS_NAME, CALLER_RETURN_MODULE_NAME from V_AGENT_BEHAVIOR_LOG where event_id in ('501', '502')
From here you can then choose what you want to do of the two options Symantec have suggested. Their first option disables the drivers from loading, the other is to uninstall the ADC component of SEP completely.
Either option requires a reboot, and therefore creates a massive impact for those who have thousands of affected endpoints across their customers, particularly those with mobile users (laptops etc)