This page gives best practices for installing Symantec Endpoint Protection for Macintosh (SEP for Mac) on macOS Server (formerly known as Mac OS X Server and OS X Server).
Symantec does not officially support macOS Server; that is, it has not been extensively tested with SEP for Mac. But there are only minor differences between macOS workstations and servers. SEP for Mac should function and scan for threats as expected.
It is recommended that you use the newest SEP version.
Symantec has not tested SEP with Xsan or Xserve RAID. Symantec cannot recommend using SEP for Mac at all in this way.
SEP on macOS Server should not be seen as a replacement for antivirus software on client computers.
To tune performance, configure SEP Auto-Protect to scan only very specific areas of your storage. Target places like the FTP directory, WebDAV directories, Shared Items, and user directories. Do this using the "Scan only in the following folders" option in the SEP Mac Settings, Advanced, Global Scan Options.
SEP for Mac's Auto-Protect will scan files that are written to a mounted network share from every Mac client running SEP. In some network configurations, this can degrade performance and reliability. Excluding mounted shares from SEP on the client machines will resolve these type of issues; use SEP only on the hosting server to scan that share.
Note: SEP for Mac Global Scan Options and Centralized Exceptions can exclude files and folders or include files or folders, not both. That is, a managed SEP Mac client's Global Scan options can be configured to "Scan everywhere," "Scan only in the following folders," or "Scan everywhere except in the specified folders" (use Centralized Exceptions.
Turn off the scanning of compressed files to increase performance.
macOS Server bundles antivirus and antispam with the mail service. If you enable mail service, make sure that this directory is not scanned: /private/var/spool/imap
Exclude directories with database files (such as MySQL, FileMaker, etc).