Currently Symantec Endpoint Encryption 11 only supports a lockout "delay" at Bootguard after multiple unsuccessful login attempts.
Symantec Corporation is committed to product quality and satisfied customers. This Feature Request is currently being considered by Symantec Corporation to be addressed in a forthcoming version of the product.