https://support.symantec.com/en_US/article.TECH190753.html
https://support.symantec.com/en_US/article.HOWTO80962.html
https://support.symantec.com/en_US/article.TECH104430.html
Action taken is what you define in a policy to SEP clients, on what to do if SEP clients detects something Malicious.
However what if that FAILS, is what the Secondary action is all about.