Also if you download the zip with your browser SEP blocks it as does sophos.
In my environment, it's possible to download the eicar.zip file by IE, but Firefox is blocking it. But Firefox does not use SEP for blocking but Google Safe Browsing. If you disable Safe browsing in the Firefox security settings, eicar.zip will be downloaded as well.
SEP does not detect zipped (eicar) files with Auto-Protect or IPS.
Other security products are following other philosophies. If you pass on the real time Auto-Protect testing of zipped files, it's better for performance but malware will be detected later. That's Symantec's way. Apparently, Sophos (and other like MS SCEP) prefer early finding of viruses at the expense of performance.