Description
An issue in Elastic Defend's network driver may lead to kernel pool corruption, resulting in bug checks (BSODs) on Windows systems that have a large number of long-lived network connections that remain inactive for 30+ minutes.
The system may bug check with any of a variety of codes such as IRQL_NOT_LESS_OR_EQUAL, SYSTEM_SERVICE_EXCEPTION, or PAGE_FAULT_IN_NONPAGED_AREA.
Affected and Fixed Versions
This regression only affects the following versions of Defend:
Mitigation
Affected users should upgrade to a fixed version listed above or later.
Customers who are unable to upgrade can set advanced.kernel.network: false in the Defend advanced policy.