Critical Systems Protection (https://www.symantec.com/products/embedded-security), or Data Center Security: Server Advanced (https://www.symantec.com/products/data-center-security, or whatever you want to call it) has the function to identify executables by cert publisher, which you can then use to tell it to block access to said files.
It doesn't delete or quarantine though, just blocks access.
It's too bad SEP's ability to apply exceptions by certificate publisher don't allow you to change the action like it does for the Application Exceptions. Perhaps raise this as an idea?