Question RE: v. 22.x Protection While Disconnected From Internet

This is a hypothetical question for the Symantec employees and beta testers, since I don't have a test machine that I can use to participate in the beta-testing of Norton Security v. 22.x.

 

If I download a malicious file from the Internet that is incorrectly rated by Download Insight as "Good" (e.g., a recently released malware variant whose SHA256 / MD5 signature is not in the Symantec database), what happens if I execute that malicious file while disconnected from the Internet?  Symantec is advertising the "next-generation SONAR technology" of v. 22.x here, but does that behaviour-based real-time heuristic detection still work locally to protect users while they are disconnected from the Internet?

 

I would hope the answer is "yes" (or at least, "yes, in theory"), but after reading a few of PRIOR's posts in this board about Download Insight failures with v. 22.x (see here for one example) I have some concerns about Norton Security's increased reliance on cloud-based protection and how well SONAR would protect me while I'm disconnected from the Internet.

 

In a related question, have any beta-testers tried to copy known malware (e.g., a virus or trojan whose signature would normally be detected by Download Insight) from an infected USB stick to their hard drive while disconnected from the Internet?  Should File Insight or some other v. 22.x feature detect  this malware in real-time as it's copied to the hard drive under these circumstances?