Installing to the cluster
The following is an Overview of the steps for installing the Symantec Endpoint Protection (SEP) client to the cluster server:

1. It is not necessary to break the cluster by bringing down one of the nodes.
2. It is required that the node be in passive mode during the install.
3. Install the SEP client to the passive node.

Repeat steps 1 though 3 for any additional nodes.

Notes:
1. To install SEP, the breaking of the cluster is not required. In the past, some administrators preferred to break the cluster in order to ensure the cluster would not have resource or performance issues during the install.
2. While a default install of SEP on a new system does not require a reboot if only installing AV/AS (Antivirus/Antispyware), if IPS (Intrusion Prevention System) is installed a reboot will be required in order for the driver installation to the TCP/IP stack to complete.
3. If the install is an upgrade from a previous version of SEP, there is a possibility that a reboot will be required. This can be due to other products and/or applications on the system using shared files, such as runtime libraries. If these files are in use at the time of the installation and cannot be replaced, then these files are marked for replacement and will be replaced upon the next reboot.
4. It is not recommended to install a Symantec Endpoint Protection Manager (SEPM) on a cluster. Installing an SQL database on a cluster is supported.
5. The SEP client is not "cluster-aware", and should not be configured as a cluster server, as it should remain active and running to protect the local server, even when the local server is the "passive node" and is not in control of the shared resources. Accordingly, the SEP client should not be installed to the shared cluster resources.
6. In an active - passive cluster pair with SEP 12.1.x, it advised that all cluster servers be in groups that have the policy component “Block all traffic until firewall starts and after the firewall stops” disabled. This component can cause the cluster communications to fail and result in an undesired Active - Active scenario where both cluster partners attempt to manage the shared data. An alternative work-around is to set the cluster service to manual start-up and then script launching the service once the machine has finished its boot process or a user log-on event occurs. This ensures the cluster service starts after the smcservice and that the firewall is running before the cluster service comes on online. 

Additional cluster server guidance from Symantec

• Installing a Symantec Endpoint Protection Manager (SEPM) on a Windows 200x Cluster is not supported. High Availability for the SEPM backend (MS SQL database) should be achieved by installing it into an SQL cluster. High Availability for the SEPM web front-end should be achieved by installing more than one SEPM connecting to the same SQL database.
• The SEP client is supported in both Active/Active and Active/Passive clustering.
• AutoProtect on the local SEP client will protect the local server resources.
• The shared resources will be protected by AutoProtect on the active server node. 
• Do not install the SEP client to the cluster's shared drives. When the server fails over, access to the SEP software will be lost.
• If installing remotely, install the SEP client software using the local server names and not the shared cluster name.
• Each SEP client installation is managed separately and provides protection in the event of a failover..
• If a manual scan of the shared drives is being performed when failover occurs, the scan will not automatically restart.
• If one SEP client in the cluster is temporarily down, virus definitions on that node will not be updated until the SEP client successfully starts and updates itself from the designated management server.
• Event logging and alerting will include the name of the local system and not the cluster server name. This helps to identify which system encountered the event.

Note: Windows 2008 servers are supported by SEP 11 MR2 and all subsequent releases.

Uninstalling from the cluster
The following is an overview of the steps for uninstalling the Symantec Endpoint Protection client from the cluster:

1. It is not necessary to break the cluster by bringing down one of the nodes.
2. It is required that the node be in passive mode during the uninstall.
3. Uninstall the SEP client from the passive node.

Repeat steps 1 through 3 for any additional nodes.

References

TECH100288 - Installing Symantec AntiVirus Corporate Edition to a cluster server