Hi Lily,

I moved your post to the correct forum (SEP/AV) for better exposure. In the future, be sure to post here instead of in the SEP SBE forum.

Regards,
Thomas

SEP works great on Exchange and Domian Controllers. I have installed SEP in atleast 100s of them.
one thing to take into consideration before installing is.
Make sure you do not have any strict policies configured for your SEP Firewall..or test your firewall policies once in test environment before installing SEP with firewall on domain/exchange servers.
Or if you don't want a firewall.Install only Antivirus and Antispyware feature of SEP and it will work great,,

Critical exchange files and folder are automatically excluded by sep antivirus scan so that it won't harm your exchange and a DC won't require any addtional configuration.

Virus scanning recommendations for computers that are running Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows 2000, Windows XP, or Windows Vista

http://support.microsoft.com/kb/822158

Yes SEP works on DC , Exchange servers, There are no issues with that. Above all it creates automatic exclusions so that we don't have to create excluiosn for DC and Exchange

SEP works fine on DC, you install the SEP client on DC or Exchange it creates necessary exlcusions in the registrty, i posted this in one of my earliest posts..here the list of exclusions for DC

[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Exclusions\Domain Controller]
"HaveExceptionFiles"=dword:00000001
"HaveExceptionDirs"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Exclusions\Domain Controller\FileExceptions]
"C:\\WINDOWS\\NTDS\\EDB.chk"=dword:00000000
"C:\\WINDOWS\\NTDS\\edb.log"=dword:00000000
"C:\\WINDOWS\\NTDS\\edb00001.log"=dword:00000000
"C:\\WINDOWS\\NTDS\\edb00002.log"=dword:00000000
"C:\\WINDOWS\\NTDS\\edb00003.log"=dword:00000000
"C:\\WINDOWS\\NTDS\\ntds.dit"=dword:00000000
"C:\\WINDOWS\\NTDS\\RES1.log"=dword:00000000
"C:\\WINDOWS\\NTDS\\RES2.log"=dword:00000000
"C:\\WINDOWS\\NTDS\\TEMP.edb"=dword:00000000
"C:\\WINDOWS\\ntfrs\\jet\\log\\edb.log"=dword:00000000
"C:\\WINDOWS\\ntfrs\\jet\\log\\res1.log"=dword:00000000
"C:\\WINDOWS\\ntfrs\\jet\\log\\res2.log"=dword:00000000
"C:\\WINDOWS\\ntfrs\\jet\\Ntfrs.jdb"=dword:00000000
"C:\\WINDOWS\\ntfrs\\jet\\sys\\edb.chk"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Exclusions\Domain Controller\NoScanDir]
"C:\\WINDOWS\\SYSVOL"=dword:00000000
"c:\\windows\\sysvol\\domain\\DO_NOT_REMOVE_NtFrs_PreInstall_Directory"=dword:00000001
"c:\\windows\\sysvol\\staging"=dword:00000001
"C:\\WINDOWS\\SYSVOL\\staging areas"=dword:00000001
"C:\\WINDOWS\\SYSVOL\\sysvol"=dword:00000001

 The SEP client software is 'smart' enough to know that exclusions should be made for Exchange servers. The below document notes this, and adds some additional information for other Symantec producsts like Symantec Mail Security for MSE.

http://service1.symantec.com/support/ent-security....

from the post

https://www-secure.symantec.com/connect/forums/installing-sep-exchange-server

thanks for all your replies.
I will install it and come back here later to update the information.

it works fine if i disable network protection.
thanks again.

Automatic detection of exceptions is great. However, we discovered that not all necessary files to exclude are actually excluded on Windows 2008 Domain Controllers. NTDS database extensions are .jdb for the database and .jrs for the log files but SEP seems to  exclude the edbxxxxxx.log files insted of the.jrs files.