Hello,
Since there are a lot of questions, I will try my level best to explain by providing answers to your questions. We are here to assist you always.
When Symantec runs, finds a virus and acts on it, then reports the workstation cleaned - is it safe to assume that the virus is gone off the machine? No further intervention on my part? Correct?
At this time, you, as an SEP Administrator, would have to check what action Symantec took on the file detection. Check these articles:
Explanation of Action field values in Symantec Endpoint Protection 11 and Symantec AntiVirus 10.1
http://www.symantec.com/docs/TECH102052
What Does "Risk was partially removed" Mean?
http://www.symantec.com/docs/TECH94475
Best Practices for responding to "Left Alone" in the virus or threat history log
http://www.symantec.com/docs/TECH101661
Changing the action that Symantec Endpoint Protection takes when it makes a detection
http://www.symantec.com/docs/HOWTO55248
===================================
When it quarantines it, is the machine still "infected"? Do I need to get on the workstation and run the recommended tool or follow the manual directions?
Quarantine is a special storage area that holds objects potentially infected with viruses. Potentially infected objects are objects that are suspected of being infected by viruses or modifications of them. Objects stored in Quarantine do not represent a threat to your computer.
When a file is stored in Quarantine, Symantec scans those Quarantine files with the latest definitions, which in turn may clean these files.
========================================
When it logs it, is the machine still infected? Do I need to get on the workstation and run the recommended tool or follow the manual directions?
Correct. It is recommended that you check the client machine.
Secondly, if you see the SEPM version 11.x reporting machines with "Still Infected" status, then this is due to database entries marked for deletion but included in the query that calculates the "Still Infected" count. The database is not purged automatically, so we have to clear it manually.
Check this Article:
How to clear the "Still Infected" status from Reports in the Symantec Endpoint Protection Manager version 11.x
http://www.symantec.com/docs/TECH102954
==================================
When Symantec cleans a virus - is it running the recommended cleaning tools or is it dealing with it in another way?
Symantec cleans the virus files when the latest definitions are uploaded on the SEP client machines and your machine is being scanned.
At last, I would recommend that you check the articles below, which would assist you in your new role as SEP Administrator:
Security Response recommendations for Symantec Endpoint Protection settings
http://www.symantec.com/docs/TECH122943
Symantec Endpoint Protection – Best Practices: Stopping Malware and other threats
http://www.symantec.com/theme.jsp?themeid=stopping_malware
Security Best Practice Recommendations
http://www.symantec.com/docs/TECH91705
Best practices for responding to active threats on a network
http://www.symantec.com/docs/TECH122466
Hope that helps!!