@mhartman
Something that has not yet been covered is the version of SEP you are running.
In SEP 12, you can have different exclusions for continuous, manual or scheduled scans.
In SEP 11, that is not the case. If you apply centralised exclusions, they apply to every type of scan. Thus your manual scan might not pick up an infected file if it is in an excluded directory. It might however be picked up when the backup engine is reading the contents of the file. At that time, I guess the infected file is part of the backup engine process & will be scanned which triggers your alert?
Just a thought. Would be nice to hear from Symantec developers about this.