Over how long a period did you run the fingerprint file?
Did you allow the machines having the fingerprint file to be used as per normal over a period of time?
If only a short period of time was used for the figerprint file then those files may not have launched in the time period not allowing the file to capture them so when you've put lockdown in enforcement mode it locks them down.
Did you follow the system lockdown configuration?
https://support.symantec.com/en_US/article.HOWTO80848.html