12.1 RU1 is slated for early November. Slated being the operative word meaning subject to change until actually released :). We should be careful about terminology, a 'false postive' is the quarantining or catching of a good file by SEP or other real time security agent and treating that good file as malware. This is NOT the case here at all. There is no False Positive. Please do read the above referenced technote. Please refer to the defect referenced above (2488243)and open a case with Symantec Support if you wish to see a change in product behavior. To recapture-the defect 2488243 is for 12.1 RU1 and is about the disabling of the pop up not working per SEPM checkbox UI.
The pop up stems from a code path that can be from other causes besides malware being detected and remediated when logged out, and is somewhat as by design in my research but will leave that to the engineering whom wrote the code for final say. It may or may not be an easy fix as is any issue. Let's be clarified- IF there is a risk discovered it WILL be LOGGED, and the end user can see the log, as well as the SEPM will be sent the logs. When the user is logged out. Feel free to go ahead and test with the eicar test string, log out, and shcedule a scan for the logged out time.
So if you are desiring to:
A) Keep the pop up warning for end users when they are logged out whether it is malware or not cause.
B)Want to see the non malware pop up reason logged, or perhaps not popped up in the first case (up to debate)
Then please open a tech support case, reference defect 2488243, this blog, the above referenced technote.
If all you want is to :
A) Know that a piece of malware is caught and logged, this is already the case today,when a user is logged out.
B) To suppress the warning message when user is logged out, it is in 12.1RU1 and should be working in any 11.0 RU6 or later release train today.