See all these articles:
How to utilize SEP 12.1 for Incident Response - PART 1
https://www-secure.symantec.com/connect/articles/how-utilize-sep-121-incident-response-part-1
How to utilize SEP 12.1 for Incident Response - PART 2
https://www-secure.symantec.com/connect/articles/how-utilize-sep-121-incident-response-part-2
How to utilize SEP 12.1 for Incident Response - PART 3
https://www-secure.symantec.com/connect/articles/how-utilize-sep-121-incident-response-part-3
How to utilize SEP 12.1 for Incident Response - PART 4
https://www-secure.symantec.com/connect/articles/how-utilize-sep-121-incident-response-part-4
Security Response recommendations for Symantec Endpoint Protection 12.1 settings
http://www.symantec.com/docs/TECH173752
Security Response recommendations for Symantec Endpoint Protection 11.x settings
http://www.symantec.com/docs/TECH122943
Security Best Practice Recommendations
http://www.symantec.com/docs/TECH91705
Is your system infected? Symantec tools to help clear an infection
https://www-secure.symantec.com/connect/forums/your-system-infected-symantec-tools-help-clear-infection
Symantec Endpoint Protection – Best Practices
http://www.symantec.com/page.jsp?id=stopping_malware