Per the subject, I've had about 5 reports this morning from various different sites and companies (that aren't related except for all using SEP12) of a blocked attack. The filename is always sh165[1].htm and in Temporary Internet Files.
I figured it's being served up as an advert as one person that received the notification only had one webpage open (a Radio Player) at the time. The contents of the file don't look particularly dodgy (but what do I know) - but it's related to "AddThis utility frame" / "www.addthis.com"
I've uploaded the file to www.virustotal.com to see if it was getting any other hits but it looks like it's just Symantec at the moment. https://www.virustotal.com/en/file/5bcd9a716ba1564bf21bf3fa6f55133f076f53b2b17c0177fa5a78dc2bc5c2aa/analysis/
Again, I'm not saying this is definitely a false-positive but it could be and if I've got 10 reports of it this morning, I'm sure other people using SEP are getting panicked calls too.