If a computer goes to the page that is infected, SEP detects the threat and reports it to the Manager. This is all be design. Even if SEP stops the infection, you are still notified via the manager. If you need to clear the infected status, you can do it via the SEPM
Also if Flash is being seen on the site, then the infected file would be saved as well, since it tranfers to the computer in order to view the Flash animation (I believe this to be true, I am not too proficient in Flash but I believe that is how it works)