There is an infected process on the machine trying to send what the IPS detects as malicious traffic. It doesn't appear that SEP has an AV detection for it.
Have you tried running Norton Power Eraser on it? That is a more aggressive tool which may detect it.
You could create a firewall rule to log all application traffic to see if you can narrow it down. Personally, I'd just have it re-imaged.