Endpoint Protection

  • 1.  Event ID 45 Tamper protect

    Posted Mar 30, 2015 05:11 PM

    I have several clients that are generating several informational Tamper protect messages.  However, the processes are like Adobe Flash and IEXPLORE.EXE.  The security scans seem fine, no viruses and such, but I don't think a Tamper exception is appropriate for these processes.

    Any thoughts on if this is normal chatter and/or an issue?  The end users are complaining about slowness and blue screens. I'm removing variables in my troubleshooting.  An example of the event ID log is below.

    Scan type: Tamper Protection Scan
    Event: Tamper Protection Detection
    Security risk detected: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE
    File: C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105
    Location: C:\ProgramData\Symantec\Symantec Endpoint Protection
    Computer: ISXXXXX
    User: XXXX
    Action taken: Access denied



  • 2.  RE: Event ID 45 Tamper protect

    Posted Mar 31, 2015 11:56 AM

    Tamper protections do not always indicate a malware issue. It could just be that IE is trying to read a Symantec process and SEP denies it. If you don't see any issues with functionality it is fine but you may want to test on a few by adding the tamper protection exclusion to see if it resolves your issue.

    Creating a Tamper Protection exception on Windows clients



  • 3.  RE: Event ID 45 Tamper protect

    Posted Mar 31, 2015 11:57 AM

    You need to create a Tamper Protection exception.

    Creating a Tamper Protection exception on Windows clients

    http://www.symantec.com/business/support/index?page=content&id=HOWTO55213
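
Added example, not part of the original thread and not Symantec code: before deciding on an exception, exported Tamper Protection events in the message layout quoted in the first post can be grouped by acting process to see how widespread each one is. The sample events, the `EXPECTED_ROOTS` list and the "review first" rule are assumptions made for illustration.

```python
from collections import defaultdict

# Message layout taken from the event quoted in the first post (Location and
# User omitted); paths and computer names filled in below are constructed.
TEMPLATE = (
    "Scan type: Tamper Protection Scan\nEvent: Tamper Protection Detection\n"
    "Security risk detected: {actor}\nFile: {target}\n"
    "Computer: {pc}\nAction taken: Access denied\n"
)
SEP_DIR = r"C:\ProgramData\Symantec\Symantec Endpoint Protection"
IE = r"C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE"
ODD = r"C:\Users\bob\AppData\Local\Temp\helper.exe"  # constructed
SAMPLE = "\n".join(
    TEMPLATE.format(actor=a, target=SEP_DIR, pc=p)
    for a, p in [(IE, "PC-001"), (IE, "PC-002"), (ODD, "PC-002")]
)

# Assumption: these install roots are where expected software lives. A path
# match is a triage hint only, not proof that the binary is legitimate.
EXPECTED_ROOTS = ("C:\\PROGRAM FILES\\", "C:\\PROGRAM FILES (X86)\\", "C:\\WINDOWS\\")

def parse_events(text):
    """Split exported text into events (blank-line separated 'Key: value' blocks)."""
    events = []
    for block in text.strip().split("\n\n"):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")  # first colon ends the key
            if sep:
                fields[key.strip()] = value.strip()
        if fields.get("Event") == "Tamper Protection Detection":
            events.append(fields)
    return events

def triage(events):
    """Group detections by acting process; return rows sorted by event count."""
    groups = defaultdict(lambda: {"count": 0, "computers": set()})
    for ev in events:
        actor = ev.get("Security risk detected", "").upper()
        groups[actor]["count"] += 1
        groups[actor]["computers"].add(ev.get("Computer", "?"))
    rows = []
    for actor, g in groups.items():
        verdict = "expected path" if actor.startswith(EXPECTED_ROOTS) else "review first"
        rows.append((actor, g["count"], len(g["computers"]), verdict))
    return sorted(rows, key=lambda r: -r[1])

if __name__ == "__main__":
    print(*triage(parse_events(SAMPLE)), sep="\n")
```

Each row is (process path, event count, number of distinct computers, verdict); a process outside the expected roots is worth examining before any exception is created for it.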