Hi uwwjoe,
Casper Suite has a reputation of being a very useful set of tools. It can help install SEP for Mac, for instance.
Exporting and Deploying a Symantec Endpoint Protection Macintosh client via Apple Remote Desktop or Casper
http://www.symantec.com/docs/HOWTO92266
I have not seen that Recon Utility, but I suspect that it is pereforming actions that triggers SEP's defenses. This also occurs with other automated tools that scan the clients and attempt to enumerate their open ports, etc etc. It is correct that SEP should respond in this way to such scans. The following article has more information:
Symantec Endpoint Protection for Macintosh: IPS Overview and Troubleshooting
http://www.symantec.com/docs/TECH212382
Please do update this thread with news if this has been helpful!
With thanks and best regards,
Mick