When Threat Defense for Active Directory (TDAD) is deployed to a language-localized OS the obfuscation mask is visible in cmd.exe, but not in PowerShell. Changing system locale is not necessary; setting Windows' Display Language to a non-English language will reproduce the issue. This affects commands such as Get-ADGroupMember "domain computers" from the Microsoft Remote Server Administration Tools (RSAT).
Release : 14.3 RU7 and below.
An issue was identified in processing the target assembly name substring.
This issue is fixed in Symantec Endpoint Security (SES) 14.3.8 (RU8).
For information on how to upgrade the SES agent, see Upgrading Windows client software automatically (broadcom.com)