It doesn't just happen with Cisco. There are a ton processes that try to "tamper" with Symantec processes. I see it with Microsoft in general, webex, Citrix, etc. However, what it boils down to is getting that info from the 3rd party vendor and they won't have a clue as to why. If you trust it, exclude it. If not, let tamper protection continue to work.