Endpoint Protection is an important feature, but if not properly configured will slow down much of your services. A common company might have different servers which host different services, such as e-mail servers, terminal servers, and file servers. These different services require different policies with regard to endpoint protection. With Configuration Manager, Microsoft has created a set of different standard policies, such as:
Terminal server (RDS)
These should be applied accordingly in order to make sure that endpoint protection does not slow down the performance of, for instance, SQL. You can import these templates by navigating to Assets and Compliance | Endpoint protection | antimalware policies. Right-click and choose import, then you will get a list of different template policies. If you have another application that you are unsure of what policy you need, you should check if the producer has an antivirus exclusion list for that...