Endpoint Protection

Text from the minidump file:

100516-28984-01.dmp    10/5/2016 9:48:18 PM    DRIVER_IRQL_NOT_LESS_OR_EQUAL    0x000000d1    00000000`0000fffe    00000000`00000002    00000000`00000000    fffff880`077d67e0    IDSvia64.sys    IDSvia64.sys+967e0                    x64    ntoskrnl.exe+6f400                    C:\Windows\Minidump\100516-28984-01.dmp    8    15    7601    289,992    10/5/2016 9:51:40 PM

Running SEP 12.1 RU6 MP5 on a Windows 2008 R2 SP1 server

I've serched around and haven't fount anything. Any ideas?               

What components do have installed and enabled? Have you tried 12.1.6 MP6?

Running Auto-Protect, Download Insight, SONOR, Early Launch Anti-Malware, MS Outlook Auto-Protect, and IPS.

No, have not installed MP6. The client is slow to adopt updates unless a good case can be made for it.

That driver is specific to IPS. If you temporarily disable IPS, does it work as expected? Do you have NIC teaming enabled on this box?

What will happen is you'll need to get a case open and provide the dump. They will also need to run some advanced logging as well to start doing root cause analysis.

Additionally, take a look at best practices of IPS on servers to see if your box meets the requirements:

http://www.symantec.com/docs/TECH92440

Can I disable IPS on just one machine or do I have to move the server to a new group and withdraw the policy?

No NIC teaming, just one on the VM.

I'll probably open a case.

Move to a test group and disable only that box

Got it, thanks.