You would like to know if Symantec Endpoint Protection (SEP) has capabilities to gather evidence to determine how a computer or environment has been infected.
Symantec Endpoint Protection is a tool designed for security rather than forensics. Computer forensics is a separate discipline of computer science with its own specialized tools, techniques and focus. Some information of interest to forensic investigators may be available in SEP's logs, depending on where the threat came from and which rules and logging were configured at the time of infection:
Risk Tracer is one feature of interest:
Other relevant information on Symantec's Connect: