Symantec Endpoint Protection should log the MD5 hash of all detected threats prior to quarantine/clean/deletion. This is an included feature of the McAfree enterprise AV solution.
For example: 1/5/2015 3:55:02 PM Deleted (Clean failed because the detection isn't cleanable) domain\user C:\Windows\Explorer.EXE C:\Users\user\Desktop\embedded.doc\EICAR.COM EICAR test file (Test) 613e01571b26ced4761cd09e1e36d716 (MD5)