Double check the your FW rules:
1. Open Symantec Endpoint Protection Manager
2. Click on Policies button
3. Under view Policies > Select Firewall
4. Edit the existing Firewall Policy
5. Click Rules
6. Right Click Rule Number 2 and Select Add a Blank Rule
7. Right Click Under the Action and Set it to Block
8. Right Click on the Host Select Edit
9. Under Specify host names or addresses of computers that trigger the rule Select : Local /Remote
10. Under Remote Click Add Under Type Select DNS domain
11. Under DNS Domain type the name of the Website e.g. : *.facebook.com
12. Click OK and close the Host List Window
13. Click OK and close the Firewall Policy Window
14. Assign the policy to the desired group
Note : In the Same way if you add *.com in Step 11 it will block the entire range of .com websites
Note : Make sure on all the computers you have NTP installed