Symantec endpoint encryption is like a rootkit. PGP has the same characteristics. Trying to migrate that and hoping to end up with a stable system is highly unlikely to happen.
Since you'll need to purchase a windows license for the VM anyway, why not just build a clean one and install the corporate apps (keeping in mind that SEE may not function properly in a VM (PGP does work).