Hi,
PLease check the steps below to create a tamper protection exception from SEPM:
How to add a centralized Exceptions Policy if you don’t already have one to edit
1. Open the Symantec Endpoint Protection Manager
2. Click Policies
3. Click Centralized Exceptions
4. Click add a centralized policy
5. Click close
6. Assign Policy dialog box will pop up
7. Click YES to assign the policy to the group or groups of your choice
8. Check the box next to the group you would like to assign the policy
9. Click Assign
How to create exclusions and exceptions for: Tamper Protection, Application Control Driver, or Application Control Rules.
Example: Tamper Protection
In order for the following process to work you must have alerts already generated.
1. Click Monitors
2. Click the Logs tab
3. For Log type, choose Application & Device Control
4. Click Advanced Settings
5. For Event Type, select Tamper Protection
6. Click View Logs
7. Click a tamper protection event that contains the executable to exclude
8. At the top of the table, in the Action box, choose: Add file to Centralized Exceptions Policy
9. Click Start
10. Check Process File to be added is correct
11. Select the Centralized Exception policy you want to add the new exception to
12. Click OK
13. Click OK at the Message box
14. When client checks in with SEPM it will get new policy based on heartbeat interval.