When does Norton automatically detect and resolve threats?

I recently-ish received a sketchy-looking email that contained a file that ended with ".pdf.zip". I removed it, obviously. Half an hour or so ago Norton came up with a popup while my PC was idle, saying a security threat had been resolved. Apparently it was a malicious .js file located in my main email account's trash folder. Now, obviously it's all fine since Norton got rid of the threat, and all scans I did (regular scan, Power Eraser, Malwarebytes Anti-Malware) came out clean. I also haven't noticed anything weird.

It's not so much about said file though, it's more about when Norton decides to look for and respond to threats. What exactly determines Norton's response? What are the conditions that have to be met? As far as I know whenever a malicious file is moved or copied, Norton will take action, ignoring .zip files. Does it only detect a threat once it shows activity of some kind? Or does it remove it when it happens to bump into it by accident, regardless of it showing activity or not?

I don't really recall since it seems to vary a lot per file type. Can anyone clarify this? I'm just really curious about how and when Norton Security detects threats and decides to take action. I can't really find any detailed information about this.