In the Virus and Spyware Protection settings of Symantec Endpoint Protection (SEP), you have set the action when a risk is detected to Leave alone (Log only). However, when you right-click the folder or file, and then click Scan for Viruses, the manual scan deletes malicious files, regardless of your predefined action setting.
This behavior is by design.
Symantec Endpoint Protection has several types of scans, which fall into two categories:
While the Virus and Spyware Protection Settings show some global settings that are shared among all types of scans, such as the exception list and log retention, some actions only apply to specific types of scans. For example, on the Auto-Protect tab, the settings you see when you click Actions only affect the Auto-Protect scan.
Since a manual scan is a simple scan, you cannot customize the actions it takes when it detects a risk. The default values are always Clean risk for primary action, and Quarantine risk for secondary action.
A simple scan is meant to be the most basic of scans, but this intent may cause some confusion. A future release may introduce global settings for all scan types.