There are multiple ways that Tamper Protection can be disabled or even weakened. Global Settings can be overridden by per-Policy settings, which can be overridden by per-Agent settings. To determine which combination of settings may be interfering with Tamper Protection:
cd "C:\Program Files (x86)\Bit9\Parity Agent" dascli password GlobalPassword dascli configprops filter *allow_u*
cd /Applications/Bit9/Tools/ ./b9cli --password GlobalPassword ./b9cli --configprops | grep "allow_u"
cd /opt/bit9/bin
./b9cli --password GlobalPassword
./b9cli --configprops | grep "allow_u"
dascli password GlobalPassword dascli configprops filter *disable_self*
If the issue persists please open a case with Support and provide the Agent Historical Logs from a machine.