Endpoint Protection

Is it recommended to have the ProActive Threat Protection module installed on a Windows 2012 R2 Terminal Server or use Basic Protection?

If so what are the best practices for exclusions using Threat Protection?

It is fully supported. You may want to start with AV only and build out from there.

This is the best guide I can find:

Citrix and terminal server best practices for Endpoint Protection

Hi,

Thank you for posting in Symantec community.

Symantec Endpoint Protection (SEP) client should be installed on all computers on the network, including servers. On servers, SEP should be placed in appropriate client groups so that specific management policies and associated exceptions can be applied. Depending on the server's role, creating and applying the correct policies is critical for system performance in the areas of disk I/O and CPU usage.

Installation best practices for Endpoint Protection on Windows servers.

http://www.symantec.com/docs/TECH92440">http://www.symantec.com/docs/TECH92440">http://www.symantec.com/docs/TECH92440

Best Practices for the Intrusion Prevention System component of Symantec Endpoint Protection (SEP) on high-availability/high bandwidth servers.

http://www.symantec.com/docs/TECH162135">http://www.symantec.com/docs/TECH162135">http://www.symantec.com/docs/TECH162135

Citrix and terminal server best practices for Endpoint Protection

http://www.symantec.com/docs/TECH91070

The infromation provided was very helpful.  Thank you very much.

You're welcome