Just an update, don't know why I didn't think to do this but we had an additional detection again on the ssame computer, and so I took the file hash and put it into VirusTotal and it came back as support.exe which seems to be associated with QuickBooks, which is in fact running on the server. Not that I'd draw conclusions from this potential coincidence but 0/67 companies found this hash to be malware, so I'll live with that. Funny enough, SEP sees it as an advanced heuristic malware, yet Symantec, under Virus Total, sees it as clean. I'm guessing Symantec is just providing Norton-level data to VirusTotal perhaps.
Still dosn't explain why each detection (3 in total since including when I posed), never actually put any file in quarantine even tuough it says it did, and how I can never find the support.exe file, except in the QB folder, but manually scanning the file itself never produces a detection, yet, each time I get an alert, it was from a Scheduled Scan.
I can only conclude by guessing that "> >support.exe" as the dettection data indicates, is an unpacked version runing in memory perhaps with different file characteristics than it's dormant on-disk version and the Scheduled Scan is finding it there, Shrug.