Hi,
There are three possible explanations:
1) the web server is running a potential risk not related to Mantis
2) Mantis is doing potentially malicious activities (without your awareness)
3) Mantis is doing potentially malicious activities (with your awareness)
4) SEP is getting a false positive
Exceptions cannot be suggested without identifying your case.
To narrow down your issue to one of the above cases:
1) analyze risk logs and network traffic (as per Mick's suggestion) to identify the source port of the attack and the process behind it; if it is not Mantis, submit the potential threat to Symantec Security Response for analysis and definitions
2) if Mantis is recognized to be the source of the attack, review its documentation or contact its support to verify if it is an expected behavior or not, if it is not expected, Mantis's vendor has to fix it
3) if Mantis is the source of the attack and it is a known and accepted behavior, you need to create the related IPS exception
4) if Mantis is the source of the attack but it is suspected that SEP is misunderstanding its behavior, you can create a temporary exception and engage Symantec for a potential false positive.