Self-Defending/Learning Network Threat Protection
A cool feature, now that you guys have integrated so many things into the endpoint protection suite, would be a dynamic global block list (hosted on the management server) that would be populated based upon administrator-defined rules. As an example, take 3 clients (A, B, C): if client A detects a hack attempt from client C, client A reports the hack attempt along with the source IP address to the management server, which then adds that IP address to a global block list. Client B then downloads the global block list and now automatically blocks client C from even attempting a connection. After an administrator-defined period, entries would be cleared from the global block list.
Another idea is to allow SNMP trap/Syslog input, so that IPS units and perimeter firewalls can send traps with IP addresses to block and Symantec Manager adds those IP addresses.
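
A sketch of the block-list behaviour described in the post above, added here as an example; it is not part of the original post and not Symantec code. The class and parameter names, the `min_reporters` rule, and the `never_block` allowlist (which keeps a forged report from cutting off critical hosts) are assumptions.

```python
import ipaddress
import time

class GlobalBlockList:
    """Hypothetical management-server block list fed by client reports."""

    def __init__(self, ttl_seconds, min_reporters=1, never_block=()):
        self.ttl = ttl_seconds              # administrator-defined expiry period
        self.min_reporters = min_reporters  # assumed rule: distinct reporting clients required
        self.never_block = [ipaddress.ip_network(n) for n in never_block]
        self.reports = {}                   # source IP -> {reporter: time of last report}
        self.blocked = {}                   # source IP -> expiry time

    def report(self, reporter, source_ip, now=None):
        """Record one client's detection; return True if source_ip is blocked afterwards."""
        now = time.time() if now is None else now
        ip = ipaddress.ip_address(source_ip)  # ValueError on malformed input
        if any(ip in net for net in self.never_block):
            return False                    # protected hosts (assumption: e.g. the server itself)
        seen = self.reports.setdefault(ip, {})
        seen[reporter] = now
        # Only reports still inside the expiry window count toward the rule.
        fresh = [r for r, t in seen.items() if now - t < self.ttl]
        if len(fresh) >= self.min_reporters:
            self.blocked[ip] = now + self.ttl
        return self.blocked.get(ip, 0) > now

    def snapshot(self, now=None):
        """Purge expired entries and return the list that clients download."""
        now = time.time() if now is None else now
        self.blocked = {ip: exp for ip, exp in self.blocked.items() if exp > now}
        return sorted(str(ip) for ip in self.blocked)

def demo():
    # Constructed addresses: client C is 10.0.0.30, the server is 10.0.0.1.
    bl = GlobalBlockList(ttl_seconds=3600, never_block=["10.0.0.1/32"])
    bl.report("client-A", "10.0.0.30", now=0)   # A reports a hack attempt from C
    bl.report("client-A", "10.0.0.1", now=0)    # ignored: protected address
    return bl.snapshot(now=60), bl.snapshot(now=3600)  # what B downloads, then after expiry

if __name__ == "__main__":
    print(demo())
```

Raising `min_reporters` above 1 means a single misbehaving or compromised client cannot get an address blocked for everyone on its own.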