Not what you are looking for? Ask the experts!
I have a customer with Norton Security (updated, latest version), had some strange things going on, ie system reboots. In looking into, noticed there was an additional user account created and logged in and the guest account was re-enabled. I disabled guest, deleted bogus account, changed the customer password and started running scans. The full system scan only came up with heur.advml.B, which seems to be a generic hit. My question, how did this get past Norton in the first place? Why is it only seen on a full scan, vs quick scan? I would deem this more of a higher risk that what it's labelled as we have a system breach, with unwanted activity.