Hello Skalg,
Excluding the Symantec folder or process does not exclude the files that the process spawns from the fireAMP connector. These files will still be looked up unless they are excluded.
For example if you can see a pattern for the files created in the temp folder by SEp then you can craft an appropriate wildcard exclusion for these file.
e.g.: c:\users\*\appdata\temp\dwh*.docm.
For some context on why this particular sample was convicted by FireAMP, the detection name indicates that it scored a ThreatScore of 95 when analyzed in the AMP ThreatGrid Sandbox environment.
For even more third party details see: https://www.virustotal.com/en-gb/file/817749988c9544a6141cef718684b86fa17345d2f309cf5390faf3c4a8a2b605/analysis/1471299106/
The sample contains Macros which download additional files and instructions scoring a 39/56 detection ratio on VirusTotal at the time of this post.
Let me know if this helps you understand the issue.