anywhere not mention regrading DC and other application
The Symantec Endpoint Protection client software automatically detects the presence of certain third-party applications: Active Directory Domain Controller is one such application. After the SEP client detects that it is running on a Domain Controller (DC), it automatically creates the necessary exclusions for sensitive files and folders. These files and folders are excluded from all antivirus and antispyware scans.
Other wise you can exclude manually.
Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows
https://support.microsoft.com/en-us/kb/822158
Installation best practices for Endpoint Protection on Windows servers
https://support.symantec.com/en_US/article.TECH92440.html