Is there any procedure/document from Symantec for Incident Handling particularly when there is a virus outbreak?

The procedure for monitoring, contain & mitigation of the virus outbreak.

Best Practices for Troubleshooting Viruses on a Network

Some more articles see brian comments

https://www-secure.symantec.com/connect/forums/virus-infection-0

See all these articles:

How to utilize SEP 12.1 for Incident Response - PART 1

https://www-secure.symantec.com/connect/articles/how-utilize-sep-121-incident-response-part-1

How to utilize SEP 12.1 for Incident Response - PART 2

https://www-secure.symantec.com/connect/articles/how-utilize-sep-121-incident-response-part-2

How to utilize SEP 12.1 for Incident Response - PART 3

https://www-secure.symantec.com/connect/articles/how-utilize-sep-121-incident-response-part-3

How to utilize SEP 12.1 for Incident Response - PART 4

https://www-secure.symantec.com/connect/articles/how-utilize-sep-121-incident-response-part-4

Security Response recommendations for Symantec Endpoint Protection 12.1 settings

http://www.symantec.com/docs/TECH173752

Security Response recommendations for Symantec Endpoint Protection 11.x settings

http://www.symantec.com/docs/TECH122943

Security Best Practice Recommendations

http://www.symantec.com/docs/TECH91705

Is your system infected? Symantec tools to help clear an infection

https://www-secure.symantec.com/connect/forums/your-system-infected-symantec-tools-help-clear-infection

Symantec Endpoint Protection – Best Practices

http://www.symantec.com/page.jsp?id=stopping_malware

One drawback with the Symantec Help (SymHelp) tool is that the system need to have the Internet connectivity. How can I use the incident handling when the systems are not connected to the Internet>

The tool needs access to connect to the reputation database but will still function in removing threats based on content that SEP has