Blue screen error with Bug Check 19 "BAD_POOL_HEADER" occurs with Endpoint Security

Technical Articles ID: KB91624
Last Modified: 2023-02-27 20:29:15 Etc/GMT

Environment

Endpoint Security (ENS) Threat Prevention 10.6.1 July 2019 Update, 10.6.1 May 2019 Update

Problem

A system crash (blue screen) error with Bug Check 19 "BAD_POOL_HEADER" might occur sporadically. It can occur in the following scenarios:

ENS Threat Prevention 10.6.1 May/July 2019 Update is present and AMCore content is installed.
ENS Threat Prevention 10.6.1 May/July 2019 Update is present with Exploit Prevention enabled and there’s a mapped network drive that points to a non-drive letter.

Cause

Possible causes of the blue screen error are:

There’s an issue with AMCore that can trigger this issue.
There’s an issue with Exploit Prevention that can trigger this issue. Exploit Prevention inspects file access to the remote location. While it compares remote data with local cached data, a buffer is exceeded. As a result, a blue screen error occurs when the buffer is freed. It isn’t possible to predict when the failure might occur because of several factors that must all align. But, the likelihood of the failure for environments that meet the requirements can be high depending on use of the network path.

Solution

This issue is resolved in the following releases:

Threat Prevention (AMCore) related issue: This issue is resolved in ENS 10.6.1 July 2019 Update Repost.
Exploit Prevention related issue: This issue is resolved in the ENS 10.6.1 July 2019 Update Repost Full Installer releases.

Our product software, upgrades, maintenance releases, and documentation are available on the Product Downloads site.

NOTE: You need a valid Grant Number for access. See KB56057 - How to download product updates and documentation for more information about the Product Downloads site, and alternate locations for some products.

Workaround

There’s no workaround available for the AMCore-related issue.

For the Exploit Prevention-related issue, the following workarounds exist to avoid the issue:

Remove the mapped drives that point to a non-drive letter, or reassign the mapped drives to a drive letter.
For ENS, disable Exploit Prevention.

Affected Products

Languages:

This article is available in the following languages:

Knowledge Center

Blue screen error with Bug Check 19 "BAD_POOL_HEADER" occurs with Endpoint Security

Environment

Problem

Cause

Solution

Workaround

Affected Products

Languages:

Title

Title

Knowledge Center

Blue screen error with Bug Check 19 "BAD_POOL_HEADER" occurs with Endpoint Security

Environment

Problem

Cause

Solution

Workaround

Affected Products

Languages:

Choose your region

Title

Title