Hi John,
First, definitely add more than just AV alone! You are fighting with one arm tied behind your back.
SEP Times in the City: A Helpful Symantec Endpoint Protection Analogy
https://www-secure.symantec.com/connect/articles/sep-times-city-helpful-symantec-endpoint-protection-analogy
Ensure that network scanning is enabled and that clients which connect in to the file server do not have write access unless absolutely necessary.
Ensure that regular backups are made and that these backups are air gapped or otherwise not corruptable from that server's network.
These may help:
Ransomware protection and removal with Symantec Endpoint Protection
http://www.symantec.com/docs/HOWTO124710
Ransomware Do's and Dont's: Protecting Critical Data
https://www-secure.symantec.com/connect/blogs/ransomware-dos-and-donts-protecting-critical-data
Please do keep this thread up-to-date with your progress!
With thanks and best regards,
Mick