I recently updated the virus refs for 2 MacOSX machines and now I'm seeing my proxy server getting pounded by requests going to:
1489245085.452 63 192.168.243.3 TCP_REFRESH_UNMODIFIED/200 1713 GET http://www.cisco.com/security/pki/certs/ciscoumbrellaroot.cer - FIRSTUP_PARENT/192.168.1.2 text/plain
1489245085.493 38 192.168.243.3 TCP_MISS/503 4437 GET http://cacerts.opendns.com/44863AB1546458D72.crt - FIRSTUP_PARENT/192.168.1.2 text/html
1489245085.495 194 192.168.243.3 TCP_TUNNEL/200 3088 CONNECT keyvalueservice.icloud.com:443 - FIRSTUP_PARENT/192.168.1.2 -
1489245085.643 62 192.168.243.2 TCP_REFRESH_UNMODIFIED/200 1713 GET http://www.cisco.com/security/pki/certs/ciscoumbrellaroot.cer - FIRSTUP_PARENT/192.168.1.2 text/plain
1489245085.685 37 192.168.243.2 TCP_MISS/503 4437 GET http://cacerts.opendns.com/44863AB1546458D72.crt - FIRSTUP_PARENT/192.168.1.2 text/html
1489245085.688 213 192.168.243.2 TCP_TUNNEL/200 3088 CONNECT keyvalueservice.icloud.com:443 - FIRSTUP_PARENT/192.168.1.2 -
1489245085.838 63 192.168.243.3 TCP_REFRESH_UNMODIFIED/200 1713 GET http://www.cisco.com/security/pki/certs/ciscoumbrellaroot.cer - FIRSTUP_PARENT/192.168.1.2 text/plain
1489245085.879 37 192.168.243.3 TCP_MISS/503 4437 GET http://cacerts.opendns.com/44863AB1546458D72.crt - FIRSTUP_PARENT/192.168.1.2 text/html
1489245085.882 192 192.168.243.3 TCP_TUNNEL/200 3088 CONNECT keyvalueservice.icloud.com:443 - FIRSTUP_PARENT/192.168.1.2 -
1489245086.070 67 192.168.243.2 TCP_REFRESH_UNMODIFIED/200 1713 GET http://www.cisco.com/security/pki/certs/ciscoumbrellaroot.cer - FIRSTUP_PARENT/192.168.1.2 text/plain
1489245086.114 39 192.168.243.2 TCP_MISS/503 4437 GET http://cacerts.opendns.com/44863AB1546458D72.crt - FIRSTUP_PARENT/192.168.1.2 text/html
1489245086.117 203 192.168.243.2 TCP_TUNNEL/200 3088 CONNECT keyvalueservice.icloud.com:443 - FIRSTUP_PARENT/192.168.1.2 -
I think this is Norton checking - not completely sure. But these log lines occur several times a second now and I would really like to identify the root cause and kill it (if possible). Since Norton sigs are the most recent change - I'm starting there. Has anyone else seen this?
Thanks,
Ian
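
An added example, not part of the original post: a short Python summary of Squid native-format access.log lines like those above, grouping entries by client and URL to surface requests that repeat and fail every time. The function names and the `min_count` and 5xx thresholds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Squid native format: time elapsed client result/status bytes method URL user hier/peer type
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+\S+\s+\S+\s+\S+$"
)

# First nine log lines copied from the post above.
SAMPLE = """\
1489245085.452 63 192.168.243.3 TCP_REFRESH_UNMODIFIED/200 1713 GET http://www.cisco.com/security/pki/certs/ciscoumbrellaroot.cer - FIRSTUP_PARENT/192.168.1.2 text/plain
1489245085.493 38 192.168.243.3 TCP_MISS/503 4437 GET http://cacerts.opendns.com/44863AB1546458D72.crt - FIRSTUP_PARENT/192.168.1.2 text/html
1489245085.495 194 192.168.243.3 TCP_TUNNEL/200 3088 CONNECT keyvalueservice.icloud.com:443 - FIRSTUP_PARENT/192.168.1.2 -
1489245085.643 62 192.168.243.2 TCP_REFRESH_UNMODIFIED/200 1713 GET http://www.cisco.com/security/pki/certs/ciscoumbrellaroot.cer - FIRSTUP_PARENT/192.168.1.2 text/plain
1489245085.685 37 192.168.243.2 TCP_MISS/503 4437 GET http://cacerts.opendns.com/44863AB1546458D72.crt - FIRSTUP_PARENT/192.168.1.2 text/html
1489245085.688 213 192.168.243.2 TCP_TUNNEL/200 3088 CONNECT keyvalueservice.icloud.com:443 - FIRSTUP_PARENT/192.168.1.2 -
1489245085.838 63 192.168.243.3 TCP_REFRESH_UNMODIFIED/200 1713 GET http://www.cisco.com/security/pki/certs/ciscoumbrellaroot.cer - FIRSTUP_PARENT/192.168.1.2 text/plain
1489245085.879 37 192.168.243.3 TCP_MISS/503 4437 GET http://cacerts.opendns.com/44863AB1546458D72.crt - FIRSTUP_PARENT/192.168.1.2 text/html
1489245085.882 192 192.168.243.3 TCP_TUNNEL/200 3088 CONNECT keyvalueservice.icloud.com:443 - FIRSTUP_PARENT/192.168.1.2 -
"""

def summarize(text):
    """Group entries by (client, method, URL) with count, statuses, timestamps."""
    groups = defaultdict(lambda: {"count": 0, "statuses": set(), "times": []})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # ignore blank lines or other log formats
        g = groups[(m["client"], m["method"], m["url"])]
        g["count"] += 1
        g["statuses"].add(int(m["status"]))
        g["times"].append(float(m["ts"]))
    return dict(groups)

def repeating_failures(groups, min_count=2):
    """Keys seen at least min_count times where every reply was a 5xx."""
    return sorted(k for k, g in groups.items()
                  if g["count"] >= min_count and min(g["statuses"]) >= 500)

def mean_interval(group):
    """Average seconds between repeats of one request (None if seen once)."""
    t = sorted(group["times"])
    return (t[-1] - t[0]) / (len(t) - 1) if len(t) > 1 else None

if __name__ == "__main__":
    for key in repeating_failures(summarize(SAMPLE)):
        print(key)
```

Run against the full access.log, the same grouping shows which client and URL pair dominates the traffic and how tightly the retries are spaced.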