Index: /trunk/src/VBox/HostDrivers/Support/win/SUPR3HardenedMain-win.cpp
===================================================================
--- /trunk/src/VBox/HostDrivers/Support/win/SUPR3HardenedMain-win.cpp	(revision 52655)
+++ /trunk/src/VBox/HostDrivers/Support/win/SUPR3HardenedMain-win.cpp	(revision 52656)
@@ -3191,4 +3191,5 @@
     if (pvBase)
     {
+        /*SUP_DPRINTF(("supR3HardNtPuChUnmapDllFromChild: Calling NtUnmapViewOfSection on %p / %s\n", pvBase, pszShort));*/
         NTSTATUS rcNt = NtUnmapViewOfSection(pThis->hProcess, pvBase);
         if (!NT_SUCCESS(!rcNt))
@@ -3237,4 +3238,5 @@
         {
             SIZE_T cbView = 0;
+            SUP_DPRINTF(("supR3HardNtPuChTriggerInitialImageEvents: mapping view of %s\n", pszShort)); /* For SEP. */
             rcNt = NtMapViewOfSection(hSection, pThis->hProcess, &pvRet, 0 /*ZeroBits*/, 0 /*CommitSize*/,
                                       NULL /*pOffSect*/, &cbView, ViewShare, 0 /*AllocationType*/, PAGE_READWRITE);
@@ -3312,7 +3314,18 @@
      * a 2nd time into the process before we actually start executing the thread
      * and trigger the genuine image load events.
-     */
+     *
+     * Update: Turns out Symantec Endpoint Protection deadlocks when we map the
+     *         executable into the process like this.  The system only works
+     *         halfways after that Powerbutton, impossible to shutdown without
+     *         using the power or reset button. The order of the two mappings
+     *         below doesn't matter. Haven't had time to look at stack yet.
+     *         Observed on W7/64, SEP v12.1.4112.4156.
+     *
+     */
+#if 0
     PVOID pvExe2 = supR3HardNtPuChMapDllIntoChild(pThis, &g_SupLibHardenedExeNtPath.UniStr, "executable[2nd]");
-
+#else
+    PVOID pvExe2 = NULL;
+#endif
     UNICODE_STRING NtName1 = RTNT_CONSTANT_UNISTR(L"\\SystemRoot\\System32\\ntdll.dll");
     PVOID pvNtDll2 = supR3HardNtPuChMapDllIntoChild(pThis, &NtName1, "ntdll.dll[2nd]");