When reviewing the Incidents that Symantec Endpoint Detection and Response (SEDR) is creating, you notice they include Events from Endpoint clients for files you have added to the whitelist. You may also see Sandbox submissions for whitelisted files in the Actions menu.
The ATP/SEDR SHA2 whitelist only applies to Network detections and Endpoint Insight queries. It does not preclude these files from being correlated along with other events into an Incident, matching known threat feeds, or being submitted to the configured Sandbox.
If you need to whitelist against all Endpoint detections for this file, you will need to create an Exception in the SEP Manager to prevent your clients from creating detections for the file that the appliance will trigger on.