One of our workstations was infected with trojan.av. SEP detected the program, bot only after it was already running and could not be deleted by the scan. I ended the process manually and deleted the file detected by SEP. I then ran malwarebytes which found other files and registry entries related to this infection. I have the malwarebytes quarantine ready to submit to symantec and am waiting for the web address for submission. I realize that I could use application control to prevent this type of infection, but that is not available on 64 bit windows.