I hope I am in the right forum. If I am not, please move me to the right one. I am new to this forum.

Makes sure you follow the steps in this KB -

How to Create Exceptions or Exclusions for Tamper Protection Alerts that have already been logged

http://www.symantec.com/business/support/index?pag...

I am going to move this thread to the Endpoint Protection forum for better visibility.

check these links

What should I do when I get a Tamper Protection Alert?

http://www.symantec.com/business/support/index?page=content&id=TECH97931

How to Create Exceptions or Exclusions for Tamper Protection Alerts that have already been logged

http://www.symantec.com/business/support/index?page=content&id=TECH92553

Creating Tamper Protectin Exception

http://symantec.com/docs/HOWTO55213

Create a tamper protection exception for NNtask.exe and NNlive.exe.

Title: 'How to Create Exceptions or Exclusions for Tamper Protection Alerts that have already been logged.'
Document ID: 2009022412404548
> Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2009022412404548?Open&seg=ent

In order for the following process to work you must have alerts already generated.

1. Click Monitors

2. Click the Logs tab

3. For Log type, choose Application & Device Control

4. Click Advanced Settings

5. For Event Type, select Tamper Protection

6. Click View Logs

7. Click a tamper protection event that contains the executable to exclude

8. At the top of the table, in the Action box, choose: Add file to Centralized Exceptions Policy

9. Click Start

10. Check Process File to be added is correct

11. Select the Centralized Exception policy you want to add the new exception to

12. Click OK

13. Click OK at the Message box

14. When client checks in with SEPM it will get new policy based on heartbeat interval.

Note: Default heartbeat is push, the server has a constant connection to the clients.

How to create exclusions and exceptions for: Tamper Protection, Application Control Driver, or Application Control Rules.