After enrolling the SEPM into the cloud. The SEPM managed clients began to trigger on files that were already excluded in the Symantec Endpoint Protection Manager (SEPM) exclusion policy.
The cloud policy "Default Whitelist Policy" overwrites the on premise exclusion policy.
Symantec is currently investigating this issue. This KB will be updated when a fix is released. To work around the issue: