Hello,
Many threats inject into legitimate services, etc, to hide themselves. SEP will block those.
Check these links below:
http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=24187
http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=25297
In such cases, there are few things, you need to look at:
1) Make sure the autorun.inf is turned off.
2) Check if the host file has not been changed or you check if the same is not tampered with.
3) If there are any unknown Browser Helper Objects, please disable and remove their enteries from the registry.
4) Make sure the server is up to date with all the Latest Microsoft Security patches and all Browsers are running the latest version.
5) Run the Symantec Endpoint Support Tool, which would identify the suspicious file on your machine and the same have to be submitted the Symantec Security Response Team.
Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.
Hope that helps!!