The only other thing, I could think of, without giving the user complete Admin rights to the system would than be folder/file rights.
I would assume that most users download to their desktop, which in turn is in their personal profile folder.
C:\users\[username] for Windows 7/Vista
&
C:\documents and settings\[username] for almost every other version
* * * * * * * * *
And the quarantine area is:
C:\ProgramData\Symantec\Symantec Endpoint Protection (on
on Windows 7 with 12.1 installed
or
c:\documents and settings\all users\Application Data\Symantec\Symantec Endpoint Protection\...
The question than becomes, is it from the "quarantine" folder that the system is incapable of deleting from.
Of course, no one wants to purposely infect a machine in order to find this out. You can try with "full rights" on one or both of those locations, user profile and quarantine area.
* * * * * * *
I often see in my quarantine/deleted files on the SEPM server, file with the name Keygen. Symantec REALLY doesn't like those. It should catch anything you "purposey" try to infect a machine with and quarantine/delete it. Of course, removing the machine from the network would be best practice for esting purpose. And as a "normal user"...