I've always wondered the same and our DBAs always question it but since the install fails without it, they reluctantly give access for the install and remove as soon as it's done. Frankly, I don't know if you'll get an exact answer on here or even from outside of back line or dev support.
Yeah, I told the DBA the same thing, but due diligence required that I at least try. If all else fails, we can always install to a fresh instance, and then monitor the instance for a couple weeks to see if Symantec is "helping" us doing any maintenance tasks.
As always, thanks for your input!
Anyone else have any other information to share??