
What happened with variants of W32.Harakit


  • 1.  What happened with variants of W32.Harakit

    Posted Aug 26, 2010 03:55 PM
    Good afternoon.
    My problem is as follows.
    I have had too many incidents of a virus called W32.Harakit,
    since apparently a machine inside my network is generating a lot of
    randomized files, each one a different variant of W32.Harakit.
    This was detected in the shared folders on my servers,
    but I'm tired of submitting each new threat to Security Response
    every time I come across a new random file.
    The bad thing about this is that all my machines have SEP with AV, PTP and NTP,
    but despite the virus scans and updated signatures, the origin of this is not detected.

    Could someone give me a solution to this?
    Thanks.


  • 2.  RE: What happened with variants of W32.Harakit

    Posted Aug 26, 2010 04:01 PM
    Sorry, I forgot to mention that I use
    Symantec Endpoint Protection 11.0.6


  • 3.  RE: What happened with variants of W32.Harakit

    Posted Aug 26, 2010 04:01 PM
    Try enabling Risk Tracer in the File System Auto-Protect section of SEP.

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007092711352448


  • 4.  RE: What happened with variants of W32.Harakit

    Posted Aug 26, 2010 04:13 PM
    Risk Tracer is enabled; once a signature is released
    it detects the machines that are sending the threats,
    but on those machines I get no reports, so the random files are not detected when I run the scan.
    I go into the registry keys of the attacking client and everything seems to be normal,
    and so a signature is released for the random file but not for the application that launches them,
    which is what I want to detect.
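    When Risk Tracer only names the client after a signature exists, the file server's own audit log can name it earlier: every write into the share is recorded with the client IP and account. The following PowerShell script is an added example, not code from this thread or from Symantec. It reads Security event ID 5145 ("A network share object was checked to see whether client can be granted desired access") and summarises write and delete access to one share by client IP and account. It assumes the file server runs Windows Server 2008 R2 or later (where event 5145 exists) and that the "Audit Detailed File Share" subcategory has been enabled with auditpol; the share name `\\*\Shared`, the account, IP and file name in the embedded sample event are constructed placeholders.

    ```powershell
    # Added example, not part of the thread. Identifies which client machine and
    # account are writing into a file share by reading Security event ID 5145.
    # Assumptions: Windows Server 2008 R2 or later, and the subcategory enabled with
    #   auditpol /set /subcategory:"Detailed File Share" /success:enable

    function ConvertFrom-ShareAccessEvent {
        # Flatten the XML of one 5145 event into an object with the fields we need.
        param([Parameter(Mandatory)][string]$EventXml)
        $x = [xml]$EventXml
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        # AccessMask is logged as a hex string such as "0x2"
        $mask = [Convert]::ToUInt32($d['AccessMask'], 16)
        [pscustomobject]@{
            Time     = [datetime]$x.Event.System.TimeCreated.SystemTime
            Account  = '{0}\{1}' -f $d['SubjectDomainName'], $d['SubjectUserName']
            ClientIp = $d['IpAddress']
            Share    = $d['ShareName']
            Target   = $d['RelativeTargetName']
            # FILE_WRITE_DATA (0x2), FILE_APPEND_DATA (0x4) or DELETE (0x10000):
            # the accesses a file-dropping worm needs on a share.
            IsWrite  = (($mask -band 0x2) -ne 0) -or (($mask -band 0x4) -ne 0) -or (($mask -band 0x10000) -ne 0)
        }
    }

    function Get-ShareWriteSources {
        # Summarise write/delete access to one share by client IP and account,
        # most active client first. Run this on the file server itself.
        param(
            [string]$ShareName = '\\*\Shared',            # placeholder share name
            [datetime]$Since = (Get-Date).AddHours(-24)
        )
        Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5145; StartTime = $Since } -ErrorAction Stop |
            ForEach-Object { ConvertFrom-ShareAccessEvent -EventXml $_.ToXml() } |
            Where-Object { $_.IsWrite -and $_.Share -eq $ShareName } |
            Group-Object ClientIp, Account |
            Sort-Object Count -Descending |
            Select-Object Count, Name,
                @{ Name = 'LastSeen';   Expression = { ($_.Group | Sort-Object Time)[-1].Time } },
                @{ Name = 'SampleFile'; Expression = { $_.Group[0].Target } }
    }

    # Constructed sample event (not a real log record) so the parser can be
    # exercised offline, on any machine, without an audit log.
    $sample = @'
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System><EventID>5145</EventID><TimeCreated SystemTime="2010-08-26T15:40:12.000Z"/></System>
      <EventData>
        <Data Name="SubjectUserName">jdoe</Data>
        <Data Name="SubjectDomainName">CORP</Data>
        <Data Name="IpAddress">10.0.0.25</Data>
        <Data Name="ShareName">\\*\Shared</Data>
        <Data Name="RelativeTargetName">x7q2k9.exe</Data>
        <Data Name="AccessMask">0x2</Data>
      </EventData>
    </Event>
    '@
    ConvertFrom-ShareAccessEvent -EventXml $sample | Format-List

    # On the file server:
    # Get-ShareWriteSources -ShareName '\\*\Shared' -Since (Get-Date).AddHours(-6)
    ```

    The client that tops the list with many short-lived, randomly named targets is the one to isolate and examine; the account column also tells you which credentials the dropper is running under, which is useful when the share is restricted to a few authorised writers.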


  • 5.  RE: What happened with variants of W32.Harakit

    Posted Aug 26, 2010 09:14 PM
    Have you disabled System Restore and the AutoPlay feature on all your drives? Also, enable network scanning. Increase the sensitivity of the TruScan proactive threat scan, and make sure the computers are patched with the latest Microsoft security updates.

    In addition to this, harden your systems by using application control policies in SEPM.
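    Two of the items in this reply can be verified from PowerShell rather than by inspection. The script below is an added example, not code from this thread or from Symantec: it reports whether AutoRun is disabled for every drive type (the NoDriveTypeAutoRun policy value, 0xFF meaning all drive types) and lists local share permissions that grant write access to broad groups, which is what lets a worm on one client drop files onto a server share. It assumes Windows PowerShell with the Win32_LogicalShareSecuritySetting WMI class (on PowerShell 7, Get-WmiObject would need replacing with the CIM cmdlets); the list of "broad" principals is an assumption you can extend.

    ```powershell
    # Added example, not part of the thread. Audits two hardening items on a
    # Windows host: AutoRun state, and share ACEs that grant write to broad groups.

    function Test-AutoRunDisabled {
        # NoDriveTypeAutoRun is a bitmask of drive types with AutoRun turned off;
        # 0xFF (255) turns it off for all drive types. The HKLM policy key is what
        # group policy or SEP writes; the HKCU key is the per-user equivalent.
        $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
                'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
        foreach ($k in $keys) {
            $v = (Get-ItemProperty -Path $k -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
            $shown = if ($null -eq $v) { '(not set)' } else { '0x{0:X2}' -f $v }
            [pscustomobject]@{
                Key                = $k
                NoDriveTypeAutoRun = $shown
                AllDrivesDisabled  = ($v -eq 0xFF)
            }
        }
    }

    function Get-BroadShareWriteGrants {
        # Lists allow-ACEs on local SMB shares that grant write access to broad
        # principals. Write is FILE_WRITE_DATA (0x2), FILE_APPEND_DATA (0x4) or
        # GENERIC_WRITE (0x40000000); the "Change" (0x1301BF) and "Full Control"
        # (0x1F01FF) share templates both include these bits.
        $broad = 'Everyone', 'Authenticated Users', 'Users', 'Domain Users', 'ANONYMOUS LOGON'   # assumption
        foreach ($setting in Get-WmiObject -Class Win32_LogicalShareSecuritySetting) {
            $sd = $setting.GetSecurityDescriptor().Descriptor
            foreach ($ace in @($sd.DACL)) {
                $mask = [uint32]$ace.AccessMask
                $grantsWrite = (($mask -band 0x2) -ne 0) -or (($mask -band 0x4) -ne 0) -or (($mask -band 0x40000000) -ne 0)
                # AceType 0 = ACCESS_ALLOWED_ACE_TYPE
                if ($ace.AceType -eq 0 -and $grantsWrite -and ($broad -contains $ace.Trustee.Name)) {
                    [pscustomobject]@{
                        Share   = $setting.Name
                        Trustee = '{0}\{1}' -f $ace.Trustee.Domain, $ace.Trustee.Name
                        Mask    = '0x{0:X}' -f $mask
                    }
                }
            }
        }
    }

    Test-AutoRunDisabled      | Format-Table -AutoSize
    Get-BroadShareWriteGrants | Format-Table -AutoSize
    ```

    Share permissions are only one of the two layers: a share that grants Everyone Change is still safe if the NTFS ACL beneath it restricts writes, so treat an empty result from Get-BroadShareWriteGrants as necessary, not sufficient, and check the folder ACLs with Get-Acl as well.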


  • 6.  RE: What happened with variants of W32.Harakit

    Posted Aug 26, 2010 09:20 PM
    Do you have shared folders? Sometimes they spread through such avenues. Try disabling them if there are any.


  • 7.  RE: What happened with variants of W32.Harakit



  • 8.  RE: What happened with variants of W32.Harakit

    Posted Sep 01, 2010 01:57 PM

    Thank you all for answering.
    My comments are as follows:
    System Restore is disabled by group policy.
    AutoRun is disabled by SEP policy.
    I need my shared folders for production.

    I should mention that only allowed users have write access to these folders.

    Thanks Maheshroja, I'll check the registry keys mentioned in this link.

    Regards



  • 9.  RE: What happened with variants of W32.Harakit
    Best Answer

    Posted Sep 01, 2010 02:07 PM
    Once the attacking machine is found, if possible re-image the machine, or
    make sure it has all (Windows) security patches applied. Manually run a full scan on that machine in Safe Mode. Make sure the machine is fully clean before re-connecting it to the network.


  • 10.  RE: What happened with variants of W32.Harakit

    Posted Sep 01, 2010 02:55 PM
    This is an important point that perhaps I had not taken into account.

    The machines identified are three.

    Thanks for your contribution.


  • 11.  RE: What happened with variants of W32.Harakit

    Posted Sep 01, 2010 02:59 PM
    The machines already have the patches.
    The big problem is that SEP is
    detecting the random files being generated,
    but I still do not detect the application that generates them.


  • 12.  RE: What happened with variants of W32.Harakit

    Posted Sep 01, 2010 03:02 PM
    Clear all temp folders:
    %temp%, C:\Windows\Temp
    and delete Temporary Internet Files.

    Also run GMER in case there is a rootkit on your system.


  • 13.  RE: What happened with variants of W32.Harakit

    Posted Sep 01, 2010 03:07 PM
    What is GMER?

    I'm sorry, I do not know that term.


  • 14.  RE: What happened with variants of W32.Harakit

    Posted Sep 01, 2010 03:13 PM

    GMER is a rootkit detector / removal tool.

    http://www.gmer.net/


  • 15.  RE: What happened with variants of W32.Harakit

    Posted Sep 01, 2010 03:37 PM

    I will do that.

    Greetings