I have a Windows 10 PC with Norton Internet Security version 22.9.1.12 I noticed an item in my quarantine folder – Detected as Hacktool.Kms it was noted as a Medium Risk. It was detected by the virus scanner part of Norton ( on a quick scan) dated 4/8/17 And found in C:\Windows\autokms.log The file quarantined doesn’t show to be an exe file but this log file In the past ( about 1 year ago –April 2016) there was an item quarantined called autokms.exe that was removed and placed in quarantine. That threat was considered "low". So not sure if the 2 might be related. Interestingly a scan ran on 4/7/17 and it didn’t detect anything. However the next day a scan detected this. Any idea why this may be so that it wasn’t detected the previous scan? Did definitions change? I ran another scan this morning and it came up clean. I also checked my C Drive and there is no autokms.exe or autokms.log