With the release of Symantec Endpoint Protection 12.1 I have seen that Tamper Protection is quite sensitive and will throw an alert for a wide variety of processes. This can be overcome on a managed client by simply adding an exception for the process per HOWTO54866, however there is no client-side option to do this. Using the steps in TECH105320 can be a somewhat useful workaround, but you're locked into the exceptions you install with. There needs to be a way in the user interface of the unmanaged client to create Tamper Protection exceptions. Without this the only other option is to completely disable Tamper Protection. That seems like a very unnecessary security risk when you only have one or two processes that are generating alerts.