#ONTAP ARP feature behavious

Good question. Never really understood that too.
The docs say you should first restore your files and then basically mark it as "possible ransomware attack". Which should "release" the ARP snapshots so they get deleted again automatically.
https://docs.netapp.com/us-en/ontap/anti-ransomware/respond-abnormal-task.html

The “suspected files are ignored” message should be a bug. I would recommend to report it to NetApp.

Oh and what ONTAP-version are you using?