Hi, I need some important info regarding the way that inclusions and exclusions work.

Earlier today, I was attempting to download a file I was entirely certain was safe. Norton flagged it, which has happened to me a few times before with stuff often the beaten track, usually as a false positive. Assuming it to be such, I excluded it from Scans, SONAR, etc.

As soon as I attempted to run the file, however, I realised something was amiss, as it attempted to install some kind of bloatware (and I assume did install some other stuff in the background).

I soon tracked the problem to its source; in the comments of the source someone had noted that, in the labyrinth of links leading to the download page, one of the banner adds was set up maliciously to fool users into downloading a targeted virus package, tailor made, named after the file I was searching for and all.

Obviously, I immediately deleted the exclusions and ran a scan (as well as downloading the correct file), but nothing came up.

Is there any kind of legacy exclusion tags or something that Norton has left on the files from the package including the trojan? Or, now that I've removed the exclusions, should any malicious software appear in scans as expected?