Video Screencast Help

How-To guide for Server 2008 DC endpoint

Created: 10 Jul 2013 | 6 comments


We're new to SEP and need help configuring our domain controllers for endpoint protection.

I've searched the formus for over an hour, but I haven't found a definitive guide for configuring endpoint protection on a Windows 2008 R2 domain controller.

I have the Protection Manager installed on a member server, and I attempted to install EP on a secondary DC, but it caused much havoc and prevented the server from communicating with DNS and other madness.

Thanks in advance for your help.

Operating Systems:

Comments 6 CommentsJump to latest comment

SMLatCST's picture

"Thumbs Up" to Rafeeq above.  It does sound as if the Firewall may have been installed on this DC.  Try again without the FW component.

As an aside, as far as the AV component of SEP goes, it is able to detect if it is being installed to a domain controller and add AD exceptions automatically.  Please see the below article for more information:
Note: This article should also help you determine if the SEP client is correctly excluding the AD files and folders

ᗺrian's picture

I would only start with AV only on the DC. You can create a FW policy but set everything to Log Only to let traffic pass and give you the ability to see what needs to be allowed.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Chetan Savade's picture


Thank you for posting in Symantec community.

I would be glad to answer your query.

When you installed SEP on secondary DC that time you used Windows Firewall or Symantec firewall?

What's the SEP client version? 

Best Practices for Installing Symantec Endpoint Protection (SEP) on Windows Servers

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

AjinBabu's picture


Keep only Virus and spyware protection on your client.

Also have a look on

Mithun Sanghavi's picture


You can install the Symantec Endpoint Protection 12.1 on the Domain Controller.

Check this Article:

Best Practices for Installing Symantec Endpoint Protection (SEP) on Windows Servers

I would always recommend you to install the Latest version of Symantec Endpoint Protection 12.1 on your environment.

The Latest version of Symantec Endpoint Protection 12.1 is version SEP 12.1 RU3.

Latest Symantec Endpoint Protection Released - SEP 12.1.RU3

Best practices for upgrading to Symantec Endpoint Protection 12.1.3

In case you need an urgent assistance, contact Symantec Technical Support -

How to create a new case in MySupport

Phone numbers to contact Tech Support:-

Regional Support Telephone Numbers:

United States: 800-342-0652 (407-357-7600 from outside the United States)
Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
United Kingdom: +44 (0) 870 606 6000

Additional contact numbers:

Hope that helps!!

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.