Hi,
I am frequently observing BSODs on my Windows 7 64-bit machine, and it always shows netio.sys with a different process name. In this case stAgentUI.exe is shown. This is just a UI-based app, nothing related to any type of driver. The issue happens if SEP is running.
Could you please help to resolve this issue?
SEP version is 12.1.1101.401.
I have pasted the log analysis and Teefer/netio/tcpip driver information, but the BSOD does not show any trace for Teefer.
Below are the BSOD stack trace and bug analysis:
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffffa800c4319b0, memory referenced.
Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
Arg3: fffff88001b397b8, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000000, (reserved)
Debugging Details:
------------------
WRITE_ADDRESS: fffffa800c4319b0 Nonpaged pool
FAULTING_IP:
NETIO!ProcessCallout+1d8
fffff880`01b397b8 f0834730ff lock add dword ptr [rdi+30h],0FFFFFFFFh
MM_INTERNAL_CODE: 0
IMAGE_NAME: NETIO.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 5294760d
MODULE_NAME: NETIO
FAULTING_MODULE: fffff88001b2d000 NETIO
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: stAgentUI.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffff8800c5315d0 -- (.trap 0xfffff8800c5315d0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa800c256640 rbx=0000000000000000 rcx=fffffa8003e3db50
rdx=fffffa8003e3db50 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88001b397b8 rsp=fffff8800c531760 rbp=0000000000000024
r8=0000000000000000 r9=0000000000000000 r10=fffff80002e5b000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
NETIO!ProcessCallout+0x1d8:
fffff880`01b397b8 f0834730ff lock add dword ptr [rdi+30h],0FFFFFFFFh ds:00000000`00000030=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002f4ebf0 to fffff80002ed0bc0
nt!KeBugCheckEx
nt! ?? ::FNODOBFM::`string'+0x4518f
nt!KiPageFault+0x16e
NETIO!ProcessCallout+0x1d8
NETIO!ArbitrateAndEnforce+0x238
NETIO!KfdClassify+0x934
tcpip!WfpAleClassify+0x57
tcpip!WfpAlepAuthorizeOrClassifyPort+0x4f3
tcpip!WfpAlepAuthorizePortByFamily+0x2b5
tcpip!WfpAleAuthorizePort+0x69
tcpip!TcpBindEndpointRequestInspectComplete+0x25e
tcpip!TcpBindEndpointWorkQueueRoutine+0x8f
tcpip!TcpBindEndpoint+0x87
tcpip!TcpIoControlEndpoint+0x68
tcpip!TcpTlEndpointIoControlEndpointCalloutRoutine+0x1c
nt!KeExpandKernelStackAndCalloutEx+0xd8
tcpip!TcpTlEndpointIoControlEndpoint+0x70
afd! ?? ::GFJBLGFE::`string'+0xa1d0
afd!AfdTLBindSecurity+0xad
afd!AfdBind+0x399
nt!IopXxxControlFile+0x607
nt!NtDeviceIoControlFile+0x56
nt!KiSystemServiceCopyEnd+0x13
0x741b2e09
stAgentUI.exe stack trace from dump:
fffffa800406b700 stAgentUI.exe
nt!KeBugCheckEx
nt! ?? ::FNODOBFM::`string'+0x4518f
nt!KiPageFault+0x16e
NETIO!ProcessCallout+0x1d8
NETIO!ArbitrateAndEnforce+0x238
NETIO!KfdClassify+0x934
tcpip!WfpAleClassify+0x57
tcpip!WfpAlepAuthorizeOrClassifyPort+0x4f3
tcpip!WfpAlepAuthorizePortByFamily+0x2b5
tcpip!WfpAleAuthorizePort+0x69
tcpip!TcpBindEndpointRequestInspectComplete+0x25e
tcpip!TcpBindEndpointWorkQueueRoutine+0x8f
tcpip!TcpBindEndpoint+0x87
tcpip!TcpIoControlEndpoint+0x68
tcpip!TcpTlEndpointIoControlEndpointCalloutRoutine+0x1c
nt!KeExpandKernelStackAndCalloutEx+0xd8
tcpip!TcpTlEndpointIoControlEndpoint+0x70
afd! ?? ::GFJBLGFE::`string'+0xa1d0
afd!AfdTLBindSecurity+0xad
afd!AfdBind+0x399
nt!IopXxxControlFile+0x607
nt!NtDeviceIoControlFile+0x56
nt!KiSystemServiceCopyEnd+0x13
+0x741b2e09
Teefer.sys info:
0: kd> !lmi Teefer.sys
Loaded Module Info: [teefer.sys]
Module: Teefer
Base Address: fffff88004f40000
Image Name: Teefer.sys
Machine Type: 34404 (X64)
Time Stamp: 4e4a3787 Tue Aug 16 14:55:27 2011
Size: 2a000
CheckSum: 11267
Characteristics: 22
Debug Data Dirs: Type Size VA Pointer
CODEVIEW 84, b534, 9b34 RSDS - GUID: {990E501B-694D-4B41-B66C-3B10C90DE635}
Age: 1, Pdb: c:\bld_area\teefer2_12.1\symantec_enterprise_protection\teefer2\src\vista\objfre_wlh_amd64\amd64\teefer.pdb
Image Type: MEMORY - Image read successfully from loaded memory.
Symbol Type: NONE - PDB not found from symbol server.
Load Report: no symbols loaded
netio.sys and tcp.sys info:
fffff880`01b2d000 fffff880`01b8d000 NETIO (pdb symbols) c:\websym\netio.pdb\1A3624EA66AA400882BAF5885EE923E52\netio.pdb
Loaded symbol image file: NETIO.SYS
Image path: \SystemRoot\system32\drivers\NETIO.SYS
Image name: NETIO.SYS
Timestamp: Tue Nov 26 15:51:01 2013 (5294760D)
CheckSum: 0006433E
ImageSize: 00060000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff880`01c01000 fffff880`01e00000 tcpip (pdb symbols) c:\websym\tcpip.pdb\A4EFC57E86E74A16BA032ACC7FBF04A42\tcpip.pdb
Loaded symbol image file: tcpip.sys
Image path: \SystemRoot\System32\drivers\tcpip.sys
Image name: tcpip.sys
Timestamp: Sat Apr 05 06:56:44 2014 (533F5BD4)
CheckSum: 001D5F45
ImageSize: 001FF000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Regards,
Anand Choubey