Note that if the "Show alert upon detection" configuration is unchecked, then no on-screen pop-up will be displayed. Check the Proactive Threat Protection logs to see if an event was triggered by socar.exe. The action taken to the socar.exe file (quarantined, log only, and so on) depends on the SEP client's configured policy.