@tekkid: The false positive was from SAV client. not SEP.
@Sandeep Cheema, the good chance was the definition I got supposely corrected the false positive continued to quarantine the valid program files. Here is the the Syamntec developer note:
The sample(s) that you provided are not infected with a virus, worm, or Trojan, and do not contain malicious code. It appears to be a false identification. To solve the false identification problem, please follow the instruction at the end of this email message to download and install the latest RapidRelease definitions.
Symantec is now building a new set of definitions to include the threat you have submitted. The approximate time to complete this process is one hour. We recommend checking the ftp site periodically over the next 60 to 90 minutes to download these definitions as soon as they are available.
Virus definition detail:
Sequence Number Greater Than: 97647
Defs Version: 110706ai
Extended Version: 07/06/2009 rev.35
however, the updated def continues to false postive. I submitted one more time today, I was told the false positve will be corrected in another RP, I hope it does this time.