When SEP is installed initially , The client monitors the applications that are installed on the client computer. If the software detects Active Directory on the client computer, the software automatically creates the exclusions.

You have to either uninstall and reinstall the SEP client or create the exclusion manually .



Technical Information
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Exclusions\Domain Controller]
"HaveExceptionFiles"=dword:00000001
"HaveExceptionDirs"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Exclusions\Domain Controller\FileExceptions]
"C:\\WINDOWS\\NTDS\\EDB.chk"=dword:00000000
"C:\\WINDOWS\\NTDS\\edb.log"=dword:00000000
"C:\\WINDOWS\\NTDS\\edb00001.log"=dword:00000000
"C:\\WINDOWS\\NTDS\\edb00002.log"=dword:00000000
"C:\\WINDOWS\\NTDS\\edb00003.log"=dword:00000000
"C:\\WINDOWS\\NTDS\\ntds.dit"=dword:00000000
"C:\\WINDOWS\\NTDS\\RES1.log"=dword:00000000
"C:\\WINDOWS\\NTDS\\RES2.log"=dword:00000000
"C:\\WINDOWS\\NTDS\\TEMP.edb"=dword:00000000
"C:\\WINDOWS\\ntfrs\\jet\\log\\edb.log"=dword:00000000
"C:\\WINDOWS\\ntfrs\\jet\\log\\res1.log"=dword:00000000
"C:\\WINDOWS\\ntfrs\\jet\\log\\res2.log"=dword:00000000
"C:\\WINDOWS\\ntfrs\\jet\\Ntfrs.jdb"=dword:00000000
"C:\\WINDOWS\\ntfrs\\jet\\sys\\edb.chk"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Exclusions\Domain Controller\NoScanDir]
"C:\\WINDOWS\\SYSVOL"=dword:00000000
"c:\\windows\\sysvol\\domain\\DO_NOT_REMOVE_NtFrs_PreInstall_Directory"=dword:00000001
"c:\\windows\\sysvol\\staging"=dword:00000001
"C:\\WINDOWS\\SYSVOL\\staging areas"=dword:00000001
"C:\\WINDOWS\\SYSVOL\\sysvol"=dword:00000001