Is there a Bug in Safe Mode Scan?

My scan Performance Profiles setting is set to: FULL SCAN.

I did a FULL SCAN in regular mode and the results were: No Threats Found.

I then did a FULL SCAN in Safe Mode with the following results:

 

[Screenshot: Safe Mode Full Scan.PNG]

Similar results here. I have 8 detections in Safe mode. All detections are located in MSI files with 6 of these MSI files being located in the Factory Image partition. Scan comparison example below:

 

In Safe Mode:

 

Unresolved Threats:
Risks in compressed file "15421.msi"
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy) 
 Categories: Heuristic Virus
 Status: Not Attempted
 -----------
 1 File
[c:\windows\installer\15421.msi] - Not Attempted

 

In Normal mode:

 

Scan Statistics:
  Scan Time: 1 seconds
  Scan Targets: C:\Windows\Installer\15421.msi
  Counts:
   Total items scanned: 48
   - Files & Directories: 48
   - Registry Entries: 0
   - Processes & Start-up Items: 0
   - Network & Browser Items: 0
   - Other: 0
   - Trusted Files: 0
   - Skipped Files: 0

   Total security risks detected: 0
   Total items resolved: 0
   Total items that require attention: 0

Resolved Threats:
No risks have been resolved

Unresolved Threats:
No unresolved risks

I picked up 5 detections during a SAFE mode scan, all in compressed files. I believe all of them were MSI's - I saved a screenshot of them and will check later.

 

I'm still running other scans. The NBRT scan just completed as I started writing this reply with NO detections.

 

My next scan will be SAFE mode with networking to see if this makes any difference.

 

More to follow.

 

Allen

Hello Everyone,

 

I can't look into this right now, but I can on Monday. Looks like there might be a problem, and I have a feeling scanning with networking on might make a difference. Please let us know AllenM if it does.

 

Hi michaell,

 

The SAFE mode with networking appears to have made no difference.

 

SAFE mode both with and without networking detected 5 heuristic detections, all with MSI files. Now interestingly enough I just noticed that when viewing the details of those detections it actually only shows 3 detections depicted in the final screen. Five were shown as detected during the scan itself, all heuristic.

 

So to summarize: SAFE mode with and without networking indicated 5 detections, even though only 3 were shown on the final screen. NBRT and NIS full scan under Normal mode showed NO detections.

 

Screenshot below.

 

Best wishes.

Allen

 

[Screenshot: safe_mode_scan.png]

Hi ProTruckDriver,

I can say that this is not a bug. Safe Mode scan is most powerful. In safe mode, only Windows files will be loaded.

In normal mode, all files & services are loaded and if you are running a Full System scan there is a chance that some Heuristics get skipped (if the services are running).

But in Safe mode, those services will not run and Norton will detect the same. 



Sym_KeN wrote:

Hi ProTruckDriver,

I can say that this is not a bug. Safe Mode scan is most powerful. In safe mode, only Windows files will be loaded.

In normal mode, all files & services are loaded and if you are running a Full System scan there is a chance that some Heuristics get skipped (if the services are running).

But in Safe mode, those services will not run and Norton will detect the same. 


NBRT also does not find any problems with these same MSI files.

I also do not recall NIS 2011 reporting these issues during a Safe mode scan but I can test this again on my test laptop tomorrow if desired.

 

Best wishes.

Allen

AllenM, could you do that? Would be interesting to see if there is a difference. I am still going to test it myself Monday to double check this.


michaell wrote:

AllenM, could you do that? Would be interesting to see if there is a difference. I am still going to test it myself Monday to double check this.


Hi michaell,

 

Sure, will do. :smileyhappy:

 

Thanks

Allen

 

 

Same problem here! Safe mode scan finds several Heuristic Viruses and ONLY in compressed files. NPE, NBRT, Normal Mode full scan and a check by VirusTotal online find nothing. Also a Normal Mode Custom Scan and a Reputation Custom Scan of the same files find nothing.

 

 

[Screenshot: Immagine.JPG]

Same here. Did a normal full scan yesterday, nothing detected. Did a full scan in safe mode yesterday too, five items detected; however, all five of them were in perfectly legitimate files, MSIs from Sun (ODF plugin for MS Word) for example and a couple of Lenovo system files downloaded by Lenovo's updater, go figure. No need to mention I did not let them take care of... Another one was in one of Mobile Master's files, which is a paid-for cell phone managing application. Since I don't use that anymore and it therefore was already uninstalled a couple of weeks ago, I manually removed the remnants of it, so they're gone.

I experienced the same kind of results too.

Detected those files ending with .msi as viruses,

and I removed them because I no longer use them.

I am also not sure whether they are real viruses or not.

 

 

NIS12 Safe Mode Full Sys Scan

Does Aggressive Heuristic come into play ...are these FP because of Aggressive Scan Heuristic or should I Resolve all Unresolved Threats.   Or, go to bleeping.  :smileysurprised:

Scan Statistics:
  Scan Time: 2,512 seconds
  Scan Targets: Entire computer
  Counts:
   Total items scanned: 451,837
   - Files & Directories: 449,770
   - Registry Entries: 263
   - Processes & Start-up Items: 1,154
   - Network & Browser Items: 645
   - Other: 5
   - Trusted Files: 0
   - Skipped Files: 0

   Total security risks detected: 13
   Total items resolved: 0
   Total items that require attention: 13

Resolved Threats:
No risks have been resolved

Unresolved Threats:
Risks in compressed file "wiscddcbbf1270346bc938bbcc81a1eeaaa_4_35_0_1002.msi"
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy) 
 Categories: Heuristic Virus
 Status: Not Attempted
 -----------
 1 File
[c:\program files\common files\wise installation wizard\wiscddcbbf1270346bc938bbcc81a1eeaaa_4_35_0_1002.msi] - Not Attempted


Risks in compressed file "hp active support library.msi"
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy) 
 Categories: Heuristic Virus
 Status: Not Attempted
 -----------
 1 File
[c:\swsetup\sp41377\hp active support library.msi] - Not Attempted


Risks in compressed file "unhide.exe"
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy) 
 Categories: Heuristic Virus
 Status: Not Attempted
 -----------
 1 File
[c:\users\bjms\desktop\programs\unhide.exe] - Not Attempted


Risks in compressed file "sp41119 hp total care advisor update 2009-03-16.exe"
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy) 
 Categories: Heuristic Virus
 Status: Not Attempted
 -----------
 1 File
[c:\users\bjms\downloads\hp compaq\sp41119 hp total care advisor update 2009-03-16.exe] - Not Attempted


Risks in compressed file "488217f.msi"
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy) 
 Categories: Heuristic Virus
 Status: Not Attempted
 -----------
 8 Files
[c:\windows\installer\488217f.msi] - Not Attempted


Risks in compressed file "60b5b6c.msi"
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy) 
 Categories: Heuristic Virus
 Status: Not Attempted
 -----------
 1 File
[c:\windows\installer\60b5b6c.msi] - Not Attempted


 Category: Unresolved Security Risks
Date & Time,Risk,Activity,Status,Recommended Action,Path - Filename
2011-09-18 4:21:00,High,"Risks in compressed file \"60b5b6c.msi\" detected by Virus scanner",Attention Required,Remove this Security Risk now.,c:\windows\installer\60b5b6c.msi
2011-09-18 4:19:38,High,"Risks in compressed file \"488217f.msi\" detected by Virus scanner",Attention Required,Remove this Security Risk now.,c:\windows\installer\488217f.msi
2011-09-18 4:18:42,High,"Risks in compressed file \"sp41119 hp total care advisor update 2009-03-16.exe\" detected by Virus scanner",Attention Required,Remove this Security Risk now.,c:\users\bjms\downloads\hp compaq\sp41119 hp total care advisor update 2009-03-16.exe
2011-09-18 4:17:09,High,"Risks in compressed file \"unhide.exe\" detected by Virus scanner",Attention Required,Remove this Security Risk now.,c:\users\bjms\desktop\programs\unhide.exe
2011-09-18 4:14:37,High,"Risks in compressed file \"hp active support library.msi\" detected by Virus scanner",Attention Required,Remove this Security Risk now.,c:\swsetup\sp41377\hp active support library.msi
2011-09-18 4:04:57,High,"Risks in compressed file \"wiscddcbbf1270346bc938bbcc81a1eeaaa_4_35_0_1002.msi\" detected by Virus scanner",Attention Required,Remove this Security Risk now.,c:\program files\common files\wise installation wizard\wiscddcbbf1270346bc938bbcc81a1eeaaa_4_35_0_1002.msi
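
The report above lists 13 detected risks but only six unresolved entries. The following is an added example, not part of the original posts: a Python sketch that parses the report to reconcile those two numbers and to group the flagged files by extension and directory, which is the commonality question raised later in the thread. The report excerpt is trimmed from the post to the lines the parser reads, and the function name `summarize` is an assumption of this example.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Excerpt of the scan report quoted above, trimmed to the lines the parser reads.
REPORT = r"""
   Total security risks detected: 13
 1 File
[c:\program files\common files\wise installation wizard\wiscddcbbf1270346bc938bbcc81a1eeaaa_4_35_0_1002.msi] - Not Attempted
 1 File
[c:\swsetup\sp41377\hp active support library.msi] - Not Attempted
 1 File
[c:\users\bjms\desktop\programs\unhide.exe] - Not Attempted
 1 File
[c:\users\bjms\downloads\hp compaq\sp41119 hp total care advisor update 2009-03-16.exe] - Not Attempted
 8 Files
[c:\windows\installer\488217f.msi] - Not Attempted
 1 File
[c:\windows\installer\60b5b6c.msi] - Not Attempted
"""

TOTAL = re.compile(r"Total security risks detected:\s*([\d,]+)")
# An "N File(s)" line followed by "[container path] - status".
ENTRY = re.compile(r"^\s*(\d+) Files?\s*\n\[(.+?)\] - (.+?)\s*$", re.M)

def summarize(report):
    """Reconcile the headline risk count with the per-container entries."""
    total = int(TOTAL.search(report).group(1).replace(",", ""))
    entries = [(PureWindowsPath(p), int(n), s) for n, p, s in ENTRY.findall(report)]
    return {
        "reported_total": total,
        "containers": len(entries),
        # Sum of the "N File(s)" counts inside each flagged container.
        "inner_items": sum(n for _, n, _ in entries),
        "by_extension": dict(Counter(p.suffix for p, _, _ in entries)),
        "by_directory": dict(Counter(str(p.parent) for p, _, _ in entries)),
        "statuses": sorted({s for _, _, s in entries}),
    }

if __name__ == "__main__":
    for key, value in summarize(REPORT).items():
        print(f"{key}: {value}")
```

On this report the per-container file counts add up to the headline total, so the six entries account for all 13 detections, and every flagged item is an installer package or executable container.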




 


bjm_ wrote:

NIS12 Safe Mode Full Sys Scan

Does Aggressive Heuristic come into play ...are these FP because of Aggressive Scan Heuristic or should I Resolve all Unresolved Threats. 



I've scanned my files (those found infected by heuristic virus in Safe Full Scan) using Aggressive Heuristic mode in Custom Scan: No Virus Found. It happens only in Safe Mode Scan and only with compressed files.


noghere wrote:

I've scanned my files (those found infected by heuristic virus in Safe Full Scan) using Aggressive Heuristic mode in Custom Scan: No Virus Found. It happens only in Safe Mode Scan and only with compressed files.

Granted, and I've had the same results...

Aggressive Heuristic Full System / Full Profile Scans -- Normal Mode ~ 0 Threats

I was just wondering if by being in Safe Mode with fewer processes running.   Aggressive has the chance to be more thorough.  The same way a Safe Mode scan is likely to be more thorough than a Normal Mode scan just by virtue of the fact that there is less disk activity detracting from a thorough scan.   Hope, you understand what I'm trying to say.   I do notice... now that you pointed me to it.  That the threats are all Compressed files.    Have you moved your Unresolved to Quarantine and watched for smoke.   Or, are you thinking this is a False Positive anomaly solely caused by Safe Mode & all / certain compressed files.  Did the Safe Mode scan detect all my compressed files as threats or is there some commonality to my 13 detected threats / 6 Unresolved threats (one has an 8 count). 

Also ran NPE v 2.1 tool w/wo Rootkit  & NBRT v 4.1 Norton Advanced Recovery Scan with NPE Recovery Scan (set to scan inactive operating system)  ~  No threats found

So, either I leave em' in Unresolved or Quarantine em' and watch for smoke or Clear Entries or Run Quick Scan from Unresolved.

Or, wait for further Community posts.

Never had any Unresolved...so, this is kinda' interesting.  NOT!

Thanks, ProTruckDriver for posting Topic!


timboyboy wrote:

I experienced the same kind of results too.

Detected those files ending with .msi as viruses,

and I removed them because I no longer use them.

I am also not sure whether they are real viruses or not.


So, you moved the threats to Quarantine?


bjm_ wrote:

 

 Or, are you thinking this is a False Positive anomaly solely caused by Safe Mode & all / certain compressed files. 



They are surely False Positives and I didn't move them to Quarantine (it could be a problem for the system). They remain Unresolved in my Chronology, even if there isn't anything to resolve. I'm going to delete that Chronology, so I no longer have to see that issue....


noghere wrote:

They are surely False Positives and I didn't move them to Quarantine (it could be a problem for the system). They remain Unresolved in my Chronology, even if there isn't anything to resolve. I'm going to delete that Chronology, so I no longer have to see that issue....

Thanks for your reply.  I will leave my so called Threats in Unresolved for now.  Symantec may want info. Community Watch may submit info from Unresolved.  I agree and suspect them as FP or an anomaly...but, I may Quarantine and restore from Quarantine after Symantec chimes in.  Or, just Clear Entries after Symantec chimes in.   Interesting, I had not considered moving to Quarantine could be a problem for the system.

Thanks


Sym_KeN wrote:

Hi ProTruckDriver,
I can say that this is not a bug. Safe Mode scan is most powerful. In safe mode, only windows files will be loaded.


Hello Sym_KeN

Since you say this is not a bug.  What do you suggest we all do with our Unresolved Threats.  Since, you say this is not a bug.  Then perhaps scanning from Safe Mode (at some interval) should be posted as a Symantec recommendation.   Since, this is not a bug then the default monthly Full Sys Scan should be from Safe Mode.  Since, this is not a bug.  NIS12 may be a better mouse trap than we realized... before ProTruckDriver posted this Topic.  Since, this is not a bug. 

Respectfully

bjm_