Infected files are not quarantined by SPE

Article ID: 420558

Products

Protection Engine for Cloud Services
Protection Engine for NAS

Issue/Introduction

You have configured Symantec Protection Engine (SPE) to quarantine threats per "About quarantining files in Symantec Protection Engine"; however, files are not quarantined.

Environment

SPE 9.X

Cause

The ICAP client is sending a SCAN request instead of a SCANREPAIRDELETE request. By default, SPE is configured to honor ICAP client input parameters, so the client's SCAN request is applied as sent and the file is not quarantined.

Resolution

The scan request must be SCANREPAIRDELETE for files to be quarantined.  Please use one of the following options.

  1. Configure your ICAP client's AVSCAN action to SCANREPAIRDELETE, or
  2. In SPE, disable HonorICAPClientInput:
    1. Open a command line/terminal on the SPE server
    2. Change directory to the SPE install folder 
      • Windows (default): 
        cd "C:\Program Files\Symantec\Scan Engine"
      • Linux (default):
        cd /opt/SYMCScan/bin
    3. Change the HonorICAPClientInput setting 
      • Windows:
        XMLModifier.exe -s /configuration/ProtocolSettings/ICAP/HonorICAPClientInput/ScanMode/@value false configuration.xml
      • Linux:
        ./xmlmodifier -s /configuration/ProtocolSettings/ICAP/HonorICAPClientInput/ScanMode/@value false configuration.xml
    4. Restart the SYMCScan Service
      • Windows:
        net stop symcscan
        net start symcscan
      • Linux:
        /etc/init.d/symcscan restart
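
To confirm which of the two options actually applies on a given server, the following added example (not Broadcom's code) reads the ScanMode value from the text of configuration.xml and the action parameter from an ICAP request line captured from the client. It assumes the client passes the action as an action= query parameter on the AVSCAN service URI and that SPE falls back to its own scan policy when the setting is false; the sample data and host name are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

# XPath from the article's XMLModifier command, relative to <configuration>.
SCANMODE_PATH = "ProtocolSettings/ICAP/HonorICAPClientInput/ScanMode"

# Constructed sample: only the branch this check reads, not a full configuration.xml.
SAMPLE_CONFIG = """<configuration><ProtocolSettings><ICAP>
  <HonorICAPClientInput><ScanMode value="true"/></HonorICAPClientInput>
</ICAP></ProtocolSettings></configuration>"""
# Constructed sample request line; host name and port are placeholders.
SAMPLE_REQUEST = "RESPMOD icap://spe.example.internal:1344/AVSCAN?action=SCAN ICAP/1.0"

def honors_client_scan_mode(config_xml):
    """Return True if HonorICAPClientInput/ScanMode/@value is 'true'."""
    root = ET.fromstring(config_xml)
    if root.tag != "configuration":
        raise ValueError("unexpected root element %r" % root.tag)
    node = root.find(SCANMODE_PATH)
    if node is None or "value" not in node.attrib:
        raise ValueError("HonorICAPClientInput/ScanMode/@value not found")
    return node.attrib["value"].strip().lower() == "true"

def client_action(icap_request_line):
    """Return the upper-cased action= parameter of an ICAP request line, or None."""
    parts = icap_request_line.split()
    if len(parts) != 3 or not parts[2].startswith("ICAP/"):
        raise ValueError("not an ICAP request line")
    actions = parse_qs(urlsplit(parts[1]).query).get("action")
    return actions[0].upper() if actions else None

def diagnose(config_xml, icap_request_line):
    """Explain whether the client's request allows quarantine (assumed model)."""
    action = client_action(icap_request_line)
    if not honors_client_scan_mode(config_xml):
        return "client action ignored; SPE's own scan policy applies"
    if action is None:
        return "no action parameter found; check the client's AVSCAN setting"
    if action == "SCANREPAIRDELETE":
        return "client requests SCANREPAIRDELETE; quarantine can occur"
    return "client action %s is honored; files will not be quarantined" % action

if __name__ == "__main__":
    print(diagnose(SAMPLE_CONFIG, SAMPLE_REQUEST))
```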

Additional Information

Specify HonorICAPClientInput parameters for scanning 
https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/symantec-protection-engine/9-2-0/Core-server-only-mode/Specify-HonorICAPClientInput-parameters.html