Is there any documentation that affirmatively states this?
None other than the already-linked ones that I am aware of. We only ever had to deal with a few inquiries over the years along these lines, and they were easily dispatched (although none were as amusing as the German industrial concern who complained to us that GhostCast was slow and could we fix it, and by the way they had disabled all multicast and all broadcast connectivity both inside and between every subnetwork in their enterprise, and would not enable either "for security" - dealing with malware by preemptively destroying your own network isn't just in the Onion).
It's worth pointing out that the development teams have traditionally had no access to the KB systems which were run by Technical Support, and thus the KB systems thus tended to contain a lot of inaccurate statements because they were put up without review or expert checking. KB documents may be "official" but that's not the same as being accurate - only a choice few documents in the KB system (like the one linked above) were actually prepared by the dev team, and I'd seen more than a few KB documents which came from taking my internal e-mails or public forum posts and editing them, rendering them inaccurate by the removal of important context.
If you want someone with an @symantec.com e-mail to check that the port numbers are all hardcoded #define's in the header files, then you'll probably need to raise an official support ticket and they'll forward it to the maintenance guys who can verify it for you.
I must disagree with your security assessment
Hey, it's your network. Given that I am well-versed in these kind of security issues, I nonetheless felt it worthwhile to make an informed contrarian point.
Serious Network Situational Awareness tools easily distinguish between the kinds of traffic being talked about at very large scales, and even if the primary threats being defended against are insider ones (rather than ones originating externally, where filtering *is* an important tool) it should be clear that in general a policy of actually using such situational-awareness tools is more valuable than preemptive network-level filtering of only the most easily-detected traffic which *might* be illegitimate (and has the advantage of not just diverting the threat traffic to harder-to-monitor channels than something as "hey! look at me!" than botnet control via IRC in plain text).