Endpoint Protection

  • 1.  Tamper Protection Alert for Citrix Xenapp

    Posted Mar 16, 2018 12:41 PM

    Hello,
    I'm getting the below alerts from my Citrix XenApp servers on a continuous basis.
    Any thoughts on why these applications are trying to hook up Symantec processes? I have some issue with the functionality of a custom application (Healthcare) published on Citrix. I'm wondering whether the alerts have anything to do with that?
    Can anyone give me details of the below Symantec processes and what they do?


    Thanks,

    | Event Type | Action | Caller Process ID | Caller Process Name | Target |
    |---|---|---|---|---|
    | Tamper Protection | Block | 9924 | C:\PROGRAMDATA\CITRIX\XENAPP MP AGENT\PLS.EXE | C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.1904.0000.105\Bin\MigrateUserScans.exe |
    | Tamper Protection | Block | 9924 | C:\PROGRAMDATA\CITRIX\XENAPP MP AGENT\PLS.EXE | C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.1904.0000.105\Bin\ccSvcHst.exe |
    | Tamper Protection | Block | 9924 | C:\PROGRAMDATA\CITRIX\XENAPP MP AGENT\PLS.EXE | C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.1904.0000.105\Bin\FixExtend.exe |
    | Tamper Protection | Block | 8924 | C:\PROGRAMDATA\CITRIX\XENAPP MP AGENT\PLS.EXE | C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.1904.0000.105\Bin\FixExtend.exe |
    | Tamper Protection | Block | 8924 | C:\PROGRAMDATA\CITRIX\XENAPP MP AGENT\PLS.EXE | C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.1904.0000.105\Bin\MigrateUserScans.exe |


  • 2.  RE: Tamper Protection Alert for Citrix Xenapp

    Posted Mar 16, 2018 08:54 PM
    This is a question for Citrix. SEP is only telling you it's happening. Best to get a case opened with Citrix support. Add tamper protection exceptions if you feel it's needed.


  • 3.  RE: Tamper Protection Alert for Citrix Xenapp

    Broadcom Employee
    Posted Mar 17, 2018 12:20 AM

    Correct. Citrix would need to tell you why they are attempting to touch our processes. Tamper Protection is blocking the access as it should.

    For tamper protection exclusions please see:

    https://support.symantec.com/en_US/article.HOWTO80927.html
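
Added example, not part of the original thread and not Symantec or Citrix code: before opening a vendor case or adding an exception, it helps to reduce the alert rows to "which caller touched which SEP binaries, how often, under which PIDs". The script assumes the rows arrive as flattened text like the ones posted above; `summarize` is a hypothetical helper name.

```python
import ntpath
import re
from collections import Counter

# Constructed sample: the header and rows as posted in the thread (flattened text).
SAMPLE = r"""
Event Type Action Caller Process ID Caller Process Name Target
Tamper Protection Block 9924 C:\PROGRAMDATA\CITRIX\XENAPP MP AGENT\PLS.EXE C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.1904.0000.105\Bin\MigrateUserScans.exe
Tamper Protection Block 9924 C:\PROGRAMDATA\CITRIX\XENAPP MP AGENT\PLS.EXE C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.1904.0000.105\Bin\ccSvcHst.exe
Tamper Protection Block 9924 C:\PROGRAMDATA\CITRIX\XENAPP MP AGENT\PLS.EXE C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.1904.0000.105\Bin\FixExtend.exe
Tamper Protection Block 8924 C:\PROGRAMDATA\CITRIX\XENAPP MP AGENT\PLS.EXE C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.1904.0000.105\Bin\FixExtend.exe
Tamper Protection Block 8924 C:\PROGRAMDATA\CITRIX\XENAPP MP AGENT\PLS.EXE C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.1904.0000.105\Bin\MigrateUserScans.exe
"""

# Paths contain spaces, so split on the drive-letter/.exe boundaries, not on whitespace.
ROW = re.compile(
    r"^\s*Tamper Protection\s+\S+\s+(?P<pid>\d+)\s+"
    r"(?P<caller>[A-Za-z]:\\.+?\.exe)\s+(?P<target>[A-Za-z]:\\.+\.exe)\s*$",
    re.IGNORECASE,
)


def summarize(text):
    """Group blocked accesses by caller image path (case-insensitive)."""
    summary, unparsed = {}, []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ROW.match(line)
        if m is None:
            unparsed.append(line.strip())  # header or unexpected row: report, don't guess
            continue
        entry = summary.setdefault(
            m["caller"].lower(), {"pids": set(), "targets": Counter()}
        )
        entry["pids"].add(int(m["pid"]))
        entry["targets"][ntpath.basename(m["target"])] += 1
    return summary, unparsed


if __name__ == "__main__":
    summary, unparsed = summarize(SAMPLE)
    for caller, entry in summary.items():
        print(caller, "PIDs:", sorted(entry["pids"]))
        for target, count in entry["targets"].most_common():
            print(f"  {count} x {target}")
    print("unparsed lines:", len(unparsed))
```

On the posted rows this collapses five alerts into a single caller image running under two PIDs and touching three SEP binaries, which is the summary to hand to Citrix support.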