Without discussing the malware in a specific manner, one issue is this:
This malware in particular I have seen change the userinit.exe link for login. One version changed the userinit.exe to wsausupdater.exe. What this means is that IF an AV program just deletes the EXE file without first repairing the registry link that has been changed, the client computer will no longer have login's work. This can be fixed of course with a Bartpe CD or a remote registry editor, but it does kick the level of complexity up much higher to resolve the workstation.
So the question for Symantec would be: How do you handle that type of malware that changes the userinit.exe setting in the registry. Is the SEMP product sophisticated enough to fix that registry link without just deleting the bad EXE file?