Definitions

How does SSR automated system determine if a file is malicious? Does it just scan the file using Norton and/or execute it to exercise SONAR? Does it use unreleased or beta definitions? Does it do a in-depth analysis of its actions?