About hacking tools and Norton (classroom)

First off, there is nothing illegal about what I do. I am a network professional who performs vulnerability tests in white hat/black hat labs where one part of the classroom secures the network and the other half breaks in, so let me get that out of the way.

 

So students are bringing their own laptops in some of these labs and many of them have Windows 8 and the newest versions of Norton. We have commonly known hacktools we use. Many antivirus programs obviously identify them as a security risk, and I well understand why; it is not a problem to have them excluded. What concerns me is that a tool like Cain and Abel will scan as safe. This is a well-known cracker, so no concerns there for Norton? It seems off when others are identified as security risks, so do they actually contain a virus too? A program from the same company, arkworks, however comes up as hacktool.somethingorother, and then when looking it up, Norton says it is a hacktool used to inject ARP packets, which is the function of the program, so in other words, other than being a dangerous hack tool, it is not a virus. So myself and the students exclude it in scans. However, I am hesitant in other not so clear-cut cases. It comes up saying other programs used for hacking are in fact worms... I am curious as to whether it is identifying hack tools incorrectly as a worm or security threat because it is, let's say, a keylogger, or the keylogger can be used for nefarious purposes itself, or does it in fact contain a trojan as well as it being possible to use it for malicious purposes?

 

I do not feel comfortable telling the students to bypass it in the scans unless I am sure it is safe, other than of course its misuse by the students ;).

 

Any insight appreciated.