Network Threat Protection, should be enabled and installed.
TruScan Proactive Threat Scan should be changed from their defaults
Bloodhound should be set to maximum
Odds are this issue will be greatly reduced or eliminated altogether if the above are done.
Symantec Has a malwarebytes like tool already built in! It's called PowerEraser, it's available on clients running RU5 or higher. It's completely separate to SEP, so that it wont be affected by viruses, and does an aggressive scan to clean and eradicate viruses, where SEP does a scan and tries not to break things...