When Norton Internet Security 2010 or Norton AntiVirus 2010 performs a full system scan, is the in-the-cloud reputation-based rating of an executable file used in the determination of whether that file is malicious? Or, does the assessment of malware during an on-demand scan only utilize the local signature database?

Note that my question concerns the evaluation of all executable files resident on the PC during a scan -- not just “files of interest” (defined by Symantec as those relating to running processes).

Thank you.