How to handle infections that aren't detected by SEP
We have a third party service that detects when our machines are attempting to connect to known bot networks. When we receive these alerts, we send a desktop technician to take a look at the machine. Sometimes they run a SEP 12 scan, which doesn't detect anything. (If SEP 12 were able to detect it, it would have stopped it in the first place, since it is configured to run in memory.)
For machines in this state, where you know something is wrong, but you can't find any evidence of that with SEP, what should you do? Is there another Symantec tool that is recommended, or are we supposed to just find another third party tool to get a "second opinion" on the machine?