Endpoint Protection Manager Risk log file shows Source Value as "Manual Quarantine" and User value as "System" 

Article ID: 272892

Products

Endpoint Protection

Issue/Introduction

Symantec Endpoint Protection Manager (SEPM) Risk log file shows Source value as "Manual Quarantine" and User value as "System".

Environment

Symantec Endpoint Protection (SEP) release: 14.3 RU5

Resolution

Explanation:

  • The "Manual quarantine scan" is triggered by the scan flag "IScan2::SOFEX_FLAG_MANUAL_QUARANTINE".
  • This flag is typically set when a user interacts with the SEP UI, for example by selecting "View Quarantine" -> "Add..." or by choosing "Move To Quarantine" in the detection result window. Because these actions are initiated from the SEP UI, they are normally associated with the current user.
  • The scan is triggered by the currently logged-in user; SEP then forwards the request to the SEP scanning service for scanning.
  • The context switches to System because the SEP scanning service runs under the System account.
  • After the SEP scan service returns the scan results, SEP impersonates the original logged-in user, so the SEP logs show that user.
  • However, when SEP cannot obtain the original user's token, or the impersonation fails for some other reason, the SEP logs show the User value as "System".
    This is why the SEP log may sometimes show a "Manual Quarantine Scan" attributed to System, even though the scan was triggered by the currently logged-in user.