Hi @john chendorain ,
Great to know that and thanks for sharing the update here.
By the way, since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others.". and according to the scenario introduced here: Answering your own questions on Microsoft Q&A, I would make a brief summary of this thread:
[SharePoint 2016 application pool crash]
Issue Symptom:
I have two Windows 2016 servers and SharePoint 2016 installed with IIS running, and recently after applying the Sept. 2023 OS security update the Central Administration app pool is crashing perodically with the following issue found after analyzing the .dmp file with DebugDiag.
"In w3wp.exe.16816.dmp the assembly instruction at ucrtbase!invoke_watson+18 in C:\Windows\System32\ucrtbase.dll from Microsoft Corporation has caused an unknown exception (0xc0000409)" This issue has occurred on two different 2016 web servers servers with SP 2016 installed
Not sure if the latest Windows server or SharePoint update has caused this issue or not, as the two updates were applied two days prior to first crash.
Current status:
So the issue was that the Sept. 2023 SP 2016 security update contained an antimalware feature that was enabled for all web applications. The resolution was to disable the hidden feature.
You could click the "Accept Answer" button for this summary to close this thread, and this can make it easier for other community members to see the useful information when they meet the similar issue.
Thanks again for sharing. :-)