A "twain.log" from C:\Users\...\AppData\Local\Temp was detected by autoprotect as a bloodhound and quarantined.

A dll file was autoprotect-detected as a backdoor and blocked.  Submission to Symantec said the dll file was ok.  It was part of Fruity Loops (a music software)

A exe file was allowed to be downloaded, but upon running was claimed to be a w32 reputation, reportedly quarantined but in fact not quarantined.  A manual scan said the file is clean.

I am guessing log and dll files are possible threat triggers?  I have not faced any false positive from NIS until the first case happened in May.

edit:  Just read up the post about the Reputation false positive, will submit for dispute.