'File threats activity detected' alerts for Endpoint Protection files in report

Article ID: 219072

Products

Endpoint Security Endpoint Security Complete

Issue/Introduction

Random clients generate "File threats activity detected" alerts for files residing in the following Symantec Endpoint Protection (SEP) directories:

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.3384.1000.105\Res
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.3384.1000.105\Bin
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.3384.1000.105\Bin64

Environment

SES 14.3.3384.1000

Cause

The events in the CSV report are Tamper Protection events. The SEP files themselves are not being detected as threats; these events record other processes attempting to access or modify SEP files and processes, and SEP blocking those actions.

The blocked accesses are most likely being performed by software other than the listed executables, either through code injected into those processes or by a kernel driver. The usual source of Tamper Protection event volume of this kind is other security software installed on the system.

Resolution

Whitelist the SEP files in the other security software so that it stops trying to attach to SEP processes and files. Alternatively, switch the Endpoint Security (SES) System Policy setting for Tamper Protection to "Block and do not log" to suppress the log volume generated by this interaction.
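To decide which product needs the whitelist entry, it helps to split the CSV report into Tamper Protection events against SEP's own Res/Bin/Bin64 directories and genuine detections, then count the source processes behind the former. The script below is an added example, not Broadcom/Symantec code; the CSV column names and the sample rows are constructed assumptions and must be matched to the real export.

```python
import csv
import io
import re
from collections import Counter

# Matches file paths under SEP's versioned install directory (Res, Bin, Bin64).
# The version component is left open so any build number matches.
SEP_INSTALL_RE = re.compile(
    r"^C:\\Program Files \(x86\)\\Symantec\\Symantec Endpoint Protection\\"
    r"[^\\]+\\(Res|Bin|Bin64)\\",
    re.IGNORECASE,
)

# Constructed sample export; column names and file names are assumptions.
SAMPLE_CSV = """\
Event Time,Device Name,Event Type,Process Name,File Path,Action
2024-01-15 09:12:01,WS-101,File threats activity detected,C:\\Program Files\\OtherAV\\scanner.exe,C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection\\14.3.3384.1000.105\\Bin64\\sep_component.exe,Blocked
2024-01-15 09:12:05,WS-101,File threats activity detected,C:\\Program Files\\OtherAV\\scanner.exe,C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection\\14.3.3384.1000.105\\Res\\resource.dll,Blocked
2024-01-15 09:13:40,WS-207,File threats activity detected,C:\\Windows\\System32\\svchost.exe,C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection\\14.3.3384.1000.105\\Bin\\sep_service.exe,Blocked
2024-01-15 09:15:12,WS-207,File threats activity detected,C:\\Users\\bob\\Downloads\\setup.exe,C:\\Users\\bob\\Downloads\\payload.exe,Quarantined
"""


def classify_events(csv_text):
    """Return (tamper_rows, other_rows): rows whose target file lives under
    SEP's own install directories are Tamper Protection noise, the rest are
    ordinary detections that still need analyst attention."""
    tamper, other = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        (tamper if SEP_INSTALL_RE.match(row["File Path"]) else other).append(row)
    return tamper, other


def sources_touching_sep(csv_text):
    """Count the processes that triggered Tamper Protection events; these
    (or the product injected into them) are the whitelisting candidates."""
    tamper, _ = classify_events(csv_text)
    return Counter(row["Process Name"] for row in tamper)


if __name__ == "__main__":
    tamper, other = classify_events(SAMPLE_CSV)
    print(f"{len(tamper)} tamper events, {len(other)} other detections")
    for process, count in sources_touching_sep(SAMPLE_CSV).most_common():
        print(f"{count:4d}  {process}")
```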