1)some times there will be few false positivies too;
A best practice when you initially use Symantec Endpoint Protection Small Business Edition is to use the action Log the event only while you monitor the logs once a week. When you are comfortable that you see no false positives, then set Tamper Protection to Block it and log the event.
2)Is it safe to turn off the notifications and allow Tamper Protection to continue blocking? Or are we going to run into problems with SEP blocking something, which breaks something
Yes
3)When I add these programs to the Tamper Protection exclusion list on the server, it doesn't seem to do anything. Clients are still being notified even if the program is on the list
4)If Tamper Protection is really important, then why is the default setting in the default policy "Log the Event Only" and not "Block it and Log the Event".
default action configured by symantec; refer the document above.