It may be possible to work around or resolve this issue either by updating the application for which the Tamper Protection alerts are being generated, or by updating the SEP client version on the affected machines.
There was a known issue with SEP 12.1 RU1 version, make sure SEP client is on the latest version.
Symantec Endpoint Protection (SEP) clients generating Tamper Protection alerts on excluded applications
http://www.symantec.com/docs/TECH171057
Check tamper protection logs for more details, following article can help you for that.
How to collect the Tamper Protection log from Symantec Endpoint Protection Manager in Symantec Endpoint Protection 12.1
http://www.symantec.com/docs/TECH182743
Note: Tamper Protection does not support folder exceptions.