I was tracking down a memory leak and seem to have traced it to Windows WFP. Does SEP use the WFP?
Here is how a tracked down the leak:
Running poolmon:
\
Googling the fwpx pool tag I can see some issues people had with the McAfee anti-virus product (but Symantec SEP 12 is installed on this server).
According to this Technet blog post the fwpx pool tag is the related to this driver:
Fwpx - fwpkclnt.sys - WFP NBL tagged context
Then I googled more and found this kb:
https://support.microsoft.com/en-us/kb/2885980
According to the kb the FwpsAllocateCloneNetBufferlist() API leaks memory.
But before I install the hot-fix I'm still curious what program is using the WFP which is causing this error. I can't think of any software other than SEP on this server which might use this, but just want to be sure. Of course its not SEPs fault its the API.