Many Connections from an IP address..?
Created: 10 Nov 2010 | 8 comments
In our environment we find that many connections originate from an IP address, which is causing a slowdown in the network (especially Internet).
We have SEP installed in the systems. What can be the reason for many connections from an IP?
Thanks in Advance...
Comments
May be due to the presence of a virus. Ensure that it has all the latest patches and AV defs. Remove any shares that have write permission. Turn off System Restore and scan the PC in safe mode.
These KBs also will be useful to you
Using SEP 11's Network Activity Tool to Identify Suspicious Processes
Best practices for responding to active threats on a network
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
You can also scan and clean the system with the Power Eraser tool or the SERT Tool.
http://www.symantec.com/business/support/index?pag...
Power Eraser Video - https://www-secure.symantec.com/connect/videos/pow...
SERT - http://www.symantec.com/business/support/index?pag...
Best,
Thomas
Info
What's the ip address?
Remote Product Specialist, Business Critical Services, Symantec
Right, what IP address is it? Is it a server IP? Check nbtstat -a to see if it is a Windows box, and it's inside the network.
The IP address is of windows client machine..(XP)
Thanks to all those who replied......
The IP address that is mentioned is of LAN. Actually the problem is that in the environment we have a proxy, and in that the number of connections per sec for an IP is set to 100, and if it is more than that, the IP is blocked. Whenever the IP is blocked, the network administrator says that there may be some malware running behind it. Is that true?
Also, if that is not true, what can be the other reasons and how to troubleshoot that?
I have tried the SEP support tool; it gives only info about the SEP client and its activity. What should I do to find out if any suspicious threats are running? Also, in the network activity tool, many processes are running. When I opened one Firefox browser, for example, it shows too many processes from Firefox running. What can it be?
Check the process names in Google to know if it is a known process.
As far as the suspicious file is concerned, you need to pass on the SEP tool results with load point to Symantec; they will analyze them and may ask you to submit the file for analysis.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Hi,
As mentioned by you, and if I understand correctly, you see multiple connections from a single IP address. If my statement is correct, then:
Firstly, not every suspicious behavior is a virus, malicious or an infection on the system.
Secondly, as the connection is from a single IP :
In case you have the SEP installed with NTP, you can benefit yourself by using the Risk Tracer feature.
Regards,
MG
On the XP box, run the netstat command to see active connections. If you are concerned about malware, pull the machine off the network and use the SERT tool (boot CD) to run a scan.
Take a look at the port numbers listed for the active connections in netstat. Make sure the Windows firewall is turned on.
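The netstat check suggested in the last comment can be turned into a per-process summary. The following is an added example, not part of the original thread: it parses saved `netstat -ano` output and counts connections, distinct remote hosts and half-open (SYN_SENT) connections per PID. The sample output, addresses, PIDs and thresholds are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample of `netstat -ano` output (addresses and PIDs are made up).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    192.168.1.50:1042      192.168.1.10:8080      ESTABLISHED     2140
  TCP    192.168.1.50:1043      192.168.1.10:8080      ESTABLISHED     2140
  TCP    192.168.1.50:1050      192.168.1.10:8080      TIME_WAIT       0
  TCP    192.168.1.50:1051      10.0.0.7:445           SYN_SENT        3312
  TCP    192.168.1.50:1052      10.0.0.8:445           SYN_SENT        3312
  TCP    192.168.1.50:1053      10.0.0.9:445           SYN_SENT        3312
  UDP    0.0.0.0:445            *:*                                    4
"""

# Groups: 1 = local address, 2 = remote address, 3 = state, 4 = owning PID.
ROW = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")

def parse(text):
    """Yield (remote_ip, remote_port, state, pid) for each non-listening TCP row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m is None or m.group(3) == "LISTENING":
            continue
        ip, _, port = m.group(2).rpartition(":")  # rpartition also copes with [v6]:port
        yield ip, int(port), m.group(3), int(m.group(4))

def summarize(text):
    """Return {pid: {"conns", "hosts", "syn_sent", "ports"}} for the capture."""
    stats = {}
    for ip, port, state, pid in parse(text):
        s = stats.setdefault(pid, {"conns": 0, "hosts": set(), "syn_sent": 0, "ports": Counter()})
        s["conns"] += 1
        s["hosts"].add(ip)
        s["ports"][port] += 1
        if state == "SYN_SENT":
            s["syn_sent"] += 1
    return stats

def suspects(stats, min_hosts=3, min_syn=3):
    """PIDs with half-open connections spread over many hosts (thresholds are assumptions)."""
    return sorted(p for p, s in stats.items() if len(s["hosts"]) >= min_hosts and s["syn_sent"] >= min_syn)

if __name__ == "__main__":
    stats = summarize(SAMPLE)
    for pid, s in sorted(stats.items(), key=lambda kv: -kv[1]["conns"]):
        print(pid, s["conns"], len(s["hosts"]), s["syn_sent"], s["ports"].most_common(1))
    print("review first:", suspects(stats))
```

A PID holding a few ESTABLISHED connections to the proxy is ordinary browser behaviour, while one PID with many SYN_SENT rows to different hosts on the same port is the pattern worth investigating first.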