Service accounts need to be assigned to critical servers so their passwords can be managed. But we can't install with a gMSA since we don't have the password.

DLP 16.1

MSI Install of Enforce and Detection servers require an account with a password to be configured when installing.

Installation of DLP with a Group Managed Service Account is not supported however, post-install, the DLP services can be changed to any account so long as they have the appropriate rights.

Change log on user or password for Symantec DLP services (Windows Server)(broadcom.com)

Open Enhancement Request ID: ISFR-2185 DLP Detection - Support Group Managed Service Account (gMSA) for Enforce and Detections Servers (OCR included)