A client's properties, and the Protection technology view show "Endpoint Threat Defense for AD" has a status of Component malfunctioning. The affected client(s) are either in a workgroup, or in a domain other than the one which was added in the TDAD Core console.
Because the TDAD policy has been applied to the client's group, but the client is not in a participating domain, the client-side driver will not enable.
This message is currently expected for clients in this state due to environmental configuration. Symantec is evaluating the message displayed for this state to determine if it should be revised.