It has come to my attention that maybe I have a distored understanding of suspicious activity/suspicious item versus false positive

 This of course relates to my recent worries about being infected with a virus

If a virus is indicated as detected and removed, it could still be a false positive right? I mean in such a  case the norton NAV engine is going to see it as a real therat, detect it and remove it

But with suspicious items (I'm referring the the several suspicious vundo items that logged for me a few weeks back) these items are not completely detected as a threat and thus not removed

So one can potentially have an item detected as a virus and it be quarantined, yet the item is harmless

but my real question, if it is detected as a virus/maleware it would have to have all those attributes otherwise it would only be a suspicion, right

(i'm simplifying here)  Or could it be that item  123abc.exe gets the same detection as item123acb.exe because there is no way for the scanner to pick up every little detail