Hi Suren424,
Do you have Symantec Email Security.cloud services or Symantec Messaging Gateway (SMG) in your enviroment?
For .cloud services, directory harvesting attack recognation is build in with "best practice" setting, for better protection, just ensure that "address registration" is turn on, from management portal (clientnet).
For SMG, Login to your SMG management console, Go to "reputation" icon, go to "Directory Harvest Attack" - Configure directory harvest attack recognition and specify actions to take when a directory harvest attack occurs.
Cheers,