If SEP's scanning isn't finding anything and you're still getting notifications for brand new IPS events then it's possible it's user activity causing these detections (i.e. they are accessing an infected site, daily).
Otherwise, you may wish to run power eraser on the machine for a more in-depth scan (https://www.symantec.com/docs/HOWTO101744)