Should I install an AV product on my domain controllers?

Anti-virus software should definitely be running on all machines in a properly-managed network, even if other threat prevention measures are in place. It should run on servers too, for two reasons: 1) they're the most critical computers in your environment, much more than client systems, and 2) they're no less at risk just because nobody actively uses (or at least should not be actively using) them for surfing the web: there's plenty of malware which can automatically spread across your network if it can get hold of even a single host.

That said, your problem is more related to properly configuring your anti-virus software.

The product you're using comes with built-in firewalling: that's something that should be taken into account when running it on server systems, and configured accordingly (or turned off altogether).

Some years ago, anti-virus software was (in)famous for randomly deleting Exchange databases if by chance it came across a viral signature inside some e-mail message stored in the physical data file; every anti-virus vendor warned about this in the product manual, but some people still failed to grasp it and got their stores nuked.

There's no software you can "just install and run" without thinking twice about what you're doing.


All of our servers (including file/sql/exchange) run Symantec Antivirus with realtime scanning and weekly scheduled scans. The software increases the load on the machines by ~2% for average workloads (average 10% cpu usage during the day w/o realtime scanning, 11.5-12.5% with realtime scanning on our file server).

Those cores weren't doing anything anyways.

YMMV.


I have always had AV software with on-access scanning enabled on all Windows servers and have been grateful for it more than once. You need software that is both effective and well behaved. While I know there are a few who will disagree, I have to tell you that Symantec is about as bad a choice as you could make.

"All in one" type packages are rarely as effective as well chosen individual components (as in, I've never seen a decent example yet). Select what you need for protection and then choose each component separately for best protection and performance.

One thing to be aware of is that there's probably no AV product that has decent default settings. Most of them these days go for scanning on both read and write. While that would be nice, it often leads to performance problems. Bad enough at any time, but very bad when your DC has problems because a file it needs to access has been locked while the AV scanner is checking it. Most scanners also scan a very large number of file types that can't even be infected because they cannot contain active code. Check your settings and adjust with discretion.