Dave, you need to do 2 things
First, open SEPM, click on computers, select your server, then click the Policies tab
Under "other policy settings" click Edit Settings for Tamper protection
Under Tamper protection, select "log only" in the drop-down
If you are running RU1 - and I strongly recommend the upgrade - there is a check box to "Display notification message" make sure that is not checked.
Click OK to save these settings.
Right about that you have Exceptions click Tasks - select Edit Policy
Click Exceptions in the left
In the Exceptions area, click Add to add each of the flagged Zenith/Continuum exe files. As far as I know, you can't exclude the entire folder...
Click Add, select Windows Exception, select Tamper Protection Exception.
Enter the full path and file name.
(A crying shame that Symantec still doesn't have [program_files_(x86)] as a varaiable.)
Click OK when you are finished.
Apply the Exceptions policy to the server.
That should do it!
Larry