I think I understand the whole reputation cloud thing.  However, increasingly these zero day exploits are not an executable file, rather they are a files (content) which exploits some generally exploit a newly discovered vulnerability of an already known and trusted application by the Cloud and Symantec.  For example, the usual suspects are in the news again PDFs and Flash.

Now, sooner or later, Adobe will release its next security patch which should be good for a few days to close the current holes.

But while the holes are open and exploits are showing up, how exactly does NIS11 protect me?  Do these media exploit files have a signature?  Are the files and not just EXEs known in the Cloud?  Are the Web sites serving them flagged for IPS warnings?  Why are my chances as a NIS11 user better than Joe - "I don't use my PC for banking and so I don't need no NIS.".

One of the main reasons, I wanted to stop running legacy NIS09 and move on to NIS11 is reducing exposure to zero day attacks.  So, how exactly is NIS11 protecting me from the latest of PDF and Flash attacks?

Thanks.