search cancel

TDAD not enabled, events on clients: Enabled the collector for Endpoint Thread Defense for AD

book

Article ID: 256595

calendar_today

Updated On:

Products

Endpoint Security Complete

Issue/Introduction

Events are seen on domain controllers that have migrated to Symantec cloud. A TDAD policy is not enabled for these systems.
 
The Application log in the event viewer shows: Source: Symantec Threat Defense for Active Directory. Event ID 7003. Message: Enabled the collector for Endpoint Threat for Defense for AD.

Environment

Symantec Endpoint Security 14.3x.

Cause

Because the feature itself is still enabled on the SEP Client, the TDAD component will still load and conduct standard procedural operations. It will not apply a policy and execute protections, but will still be present.

Resolution

The Feature set policy can be used to remove the TDAD feature. However, TDAD is not doing anything so the current configuration isn't causing any problems. But if needed apply the feature selection policy to the domain controllers and uncheck the option:

Apply this policy to Domain Controllers and any other system you do not want the TDAD agent applied on.

Attachments