We're seeing a very similar issue, except with the Heap Spray attack. Symantec killing office applications (word, powerpoint, outlook, lync, excel), as well as IE, Adobe Acrobat and Reader, and Symantec itself (ccsvchost.exe). Like many others, working with support has been a struggle - all we've been told is that it seems to be a false positive and that we shouldn't be seeing this at this scale (approaching 50 systems with the issue) and that they want to try a reinstall of Symantec. A mix of SEP 14.0.3897.1101 and 14.0.3929.1200 systems experiencing the issue, both Windows 7 and 10, some with May OS and Software patches, some updated to June. No rhyme or reason to it thus far, other than that it started within a single business unit last week, and then hit another single unit this week.
We've disabled the particular signature for now as a workaround. There is risk that comes with doing so - if this isn't actually a false positive as we've been told and from additional attacks with the same signature - but we had to get people back to work. What we did as a workaround was create a new Memory Exploit Mitigation Policy under Policies with the relevant signature disabled, created new groups for impacted systems under the Clients tab and disabled inheritance, and then assigned the new Memory Exploit Mitigation policy to it.