When reviewing the Incidents that Advanced Threat Protection 3.x or Symantec Endpoint detection and Response 4.x is creating, you notice they include Events from Endpoint clients for files you have added to the whitelist. You may also see Sandbox submissions for whitelisted files in the Actions menu.
The ATP/SEDR whitelist only applies to Network detections and Endpoint Insight queries. It does not preclude these items from being correlated along with other events into an Incident or being submitted to the configured Sandbox.
If you need to whitelist against all Endpoint detections for this file, you will need to create an Exception to prevent your clients from creating detections for the file that the appliance will trigger on.