Norton Trusted Files versus Virus Total Antiviruses: 7 files accidentally observed

 

1) Most of us knew that Norton Trusted files are placed on a whitelist and, when they are run, they are not scanned by Norton, so they can run easily and fast.

 

In summer 2010 I accidentally came across Norton Trusted files, but after uploading them to the Virus Total (VT) service the results were as follows:

 

[Image: y1.PNG]

 

Each of the 7 files is Norton Trusted (NIS 18.1).

 

[Image: y2.PNG]

 

 

http://www.virustotal.com/file-scan/report.html?id=adfc30d2fc23d79457fbbdd06d98b1405582637cb1a693b2dacd15954b5183b4-1292575893

 

http://www.virustotal.com/file-scan/report.html?id=187b38ad86e8314e62cb791a43717e6357594f03293cbebfdc473dcf41f4663b-1292576062

 

http://www.virustotal.com/file-scan/report.html?id=c6cfdbe6d8c5d3ef73fa5d27c2c17d7a923e594ebbfb32f068b28340ea97bb6c-1292576063

 

http://www.virustotal.com/file-scan/report.html?id=a8e962ce72186875ba6dd1dd907541ada4ea3dca0309b318a5aee4fc185e45f8-1292575902

 

http://www.virustotal.com/file-scan/report.html?id=b7463b715e45ceb2881d1bcc491553471683e9995353a9cddb5d11159e0268ac-1292575903

 

http://www.virustotal.com/file-scan/report.html?id=be82b4958024e874261a132cb3463c60d5d28a93004f3d98cb0069aedd8f67c3-1292575904

 

http://www.virustotal.com/file-scan/report.html?id=dc491472cf5d79f02a65f09dfdd97ec3bcb4a8b77894e90cd244eac636b778b7-1292575905

 

 

In the past I saw 4-6 false positives (FP) from 25-30 VT antiviruses, but I saw that they really were FPs: the files were from well-known software and antivirus vendors. Some of the Norton Trusted files (the collection was about 70-80 files) were reported by VT as malware, but by 0-20 antiviruses, and they were not so strong (in my eyes), so I said that maybe they are wrong... But antiviruses that nowadays have few false alarms reported to me that 7 files are malware (based on Avira, Microsoft, ESET and Kaspersky detections).

 

To review them:

Submission has been sent Fri Dec 17 01:24:40 PST 2010

Tracking #18553851

 

 

_________________________________________________________________________________________

 

 

 

2) A 2-byte Norton Trusted file with a content of two symbols:

MZ

is Norton Trusted too.

 

[Image: y3.PNG]

 

 

What is the payload of this item included in the whitelist? How many users (more than 100,000?) use this file, and how often? What is this file for - can it have a payload if it exists on some/many/every machine?
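
An added example (not part of the original post and not Norton's code): a Python check showing that a file containing only `MZ` matches the DOS/PE magic bytes but carries none of the header structure a PE image needs. The function names, verdict strings and sample bytes are constructed for illustration.

```python
import struct

# Offsets from the documented DOS/PE header layout.
DOS_HEADER_SIZE = 64      # IMAGE_DOS_HEADER is 64 bytes long
E_LFANEW_OFFSET = 0x3C    # 4-byte little-endian offset of the "PE\0\0" signature
COFF_HEADER_SIZE = 20     # IMAGE_FILE_HEADER that follows the signature


def classify_mz(data: bytes) -> str:
    """Say how much of the PE header chain is really present in `data`."""
    if data[:2] != b"MZ":
        return "not-mz"
    if len(data) < DOS_HEADER_SIZE:
        # Too short to even hold e_lfanew, e.g. the 2-byte file in the post.
        return "mz-magic-only"
    (e_lfanew,) = struct.unpack_from("<I", data, E_LFANEW_OFFSET)
    end_of_coff = e_lfanew + 4 + COFF_HEADER_SIZE
    if end_of_coff > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "dos-header-no-pe"
    return "pe-headers-present"


def build_header_only_sample() -> bytes:
    """Constructed sample: DOS header plus PE signature and COFF header."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", DOS_HEADER_SIZE)
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 0, 0)  # i386, 1 section
    return dos + b"PE\0\0" + coff


def audit_allowlist(entries: dict) -> list:
    """Return names of MZ-tagged entries that lack complete PE headers."""
    return sorted(
        name for name, blob in entries.items()
        if classify_mz(blob) in ("mz-magic-only", "dos-header-no-pe")
    )


if __name__ == "__main__":
    # Constructed allowlist contents, keyed by hypothetical file names.
    samples = {
        "two_bytes.bin": b"MZ",
        "padded.bin": b"MZ" + b"\0" * 62,
        "headers.bin": build_header_only_sample(),
        "text.txt": b"hello",
    }
    for name, blob in samples.items():
        print(name, len(blob), classify_mz(blob))
    print("flag for review:", audit_allowlist(samples))
```
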