Hi Auco123,
It is possible to set the action to "log only" rather than delete or quarantine. Generally I recommend that admins leave it at the default, unless they are actively checking logs regularly.
You will need to change the "registry" to accomplish this. Details on the various ways can be found in
SAV for Linux: A (Somewhat) Illustrated Guide Part 2
https://www-secure.symantec.com/connect/articles/sav-linux-somewhat-illustrated-guide-part-2
This thread lists the specific keys that need to be changed....
https://www-secure.symantec.com/connect/forums/configuring-sav-linux
Please update this thread with news if there is additional assistance you need, or confirm this this has worked for you! &: )
With thanks and best regards,
Mick