About Tamper Protection settings

Tampering and/or disabling security software is a technique employed by many targeted attacks in today's threat landscape. Tamper Protection is a key technology that protects Symantec Endpoint Security processes and resources from any attempts of alteration or disabling. Tamper Protection blocks modifications to agent registry settings, files, and prevents tampering with running processes on Windows agents.
If you use any third-party security risk scanners that detect and defend against unwanted adware and spyware, these scanners typically affect Symantec resources. If you set Tamper Protection to log tamper events when you run such a scanner, Tamper Protection generates a large number of log entries. If you decide to log Tamper Protection events, use log filtering to manage the number of events.
You can create exceptions for the applications that Tamper Protection detects with the Allow List policy.