Files that Symantec Endpoint Protection (SEP) places in Quarantine after detection are unavailable for access by users and applications unless released from Quarantine. You need to know which user accounts are permitted to restore files from Quarantine.
All users are able to restore files from Quarantine.
When a user restores a file from Quarantine, the file can be accessed by the user, applications, and operating system. However, upon access (depending on your Antimalware policy) the file is again scanned and, if still detected, returned to Quarantine as a malicious file.
The only way to prevent users from restoring files from Quarantine is to require a password to open the user interface. Then, only users who have the password can access the interface and restore files from Quarantine.