A client's properties, and the Protection technology view show "Endpoint Threat Defense for AD" has a status of Component malfunctioning. The affected client(s) are either in a workgroup or in a domain other than the one which was added in the TDAD Core console.
Symantec Endpoint Protection Manager (SEPM) is integrated with Symantec Endpoint Threat Defense for Active Directory (TDAD) and the TDAD policy has been assigned to one or more groups in the SEPM.
Because the TDAD policy has been applied to the client's group, but the client is not in a participating domain, the client-side driver will not enable.
This message is currently expected for clients in this state due to environmental configuration. Symantec is evaluating the message displayed for this state to determine if it should be revised.