You have created a firewall rule using Symantec Endpoint Protection (SEP) to block outbound connection to tcp/25 and this rule has been correctly applied to the clients. However, the rule doesn't seem to have any effect.
SEP POP3/SMTP email scanner is installed and enabled.
This behavior is by-design. When the POP3/SMTP email scanner is installed and enabled email messages are passed from the client software to the Symantec email proxy (which provides POP3/SMTP antivirus functionality). The Symantec email proxy then sends the scanned message to the server. Because the email proxy is considered a trusted process it is allowed through the firewall.