Gary,
"The "honey-do" list is written on legal sized paper - 2 columns - both sides. 
"
You have me beat. I've been working on mine for a few decades but it never seems to get too much shorter.
Stay well and surf safe
You are correct, Dave. I just checked and that is how the option on my VM is set. It is the default setting, which I never changed.
I didn't realize the effect the option had. See, I learned something else new. 
Actually I learned something new too. If I can learn something new every day then I have made some progress and didn't waste that day.
It must be somethig new, within the last couple years added to the Norton products because I don't recall network traffic being scanned before with the NAT setting.
I had nothing to do last night so I setup XP mode to play around with it again since I have no need to actually use it.
I see another potential problem in installing an AV into it. If the user is using XP mode to only run programs that are not comapatable with windows 7, the user will hardly ever "see" the XP desktop. So if your AV is blinking red in the system tray because of a problem, you may never see it. If Norton pops up a warning box, I don't know if XP mode will display that in addition to the program being run in XP mode.
Another thing is the way XP mode goes in and out of hybernation, you would have to know when the AV needed a reboot because of a program update. It seems with the 2012 products we have gone through several forced reboots so far.
So it seems to me you would want an AV that can just "sit there and work" with a minimal amount of user action or reboots.
Dave
That is the way XP Mode ends up being used on my laptop - very rarely, if I don't start WLM. So, it would be like an actual XP machine being in hibernate. An a/v would not get any updates with the machine hibernated.
I usually start the XP Mode about once a week just to do a manual update of MSE and "sync" the WLM mailbox storage folders with my primary desktop PC.
I doubt Norton will be able to scan incoming mail the same way it scans something downloaded from the internet.
As far as I know, it doesn't scan incoming mail for WLM like it does with Outlook and Outlook Express.
Defiantly not if your using SSL ports to connect to your ISP.
Thats silly how WLM does not have compatibility between the different versions, I might be inclined to use 2 different email clients.
Syncing your mail in the other direction would be safer, it's thats possible. Recieving it on the XP desktop that had Norton installed should allow the files to be scanned as they are accessed (moved to the laptop XP mode).
Other than that, as long as you don't go clicking executable files or attachments you should be fine.
I'm no expert in Viruses but my personal belief is that the main source of infection is through the internet and the most common vectors in my opinion is java and flash.
For that reason, I never use my virtual pc's to surf the internet. I don't even install java, flash, or adobe reader so I don't end up with those vulnerabilities. If I do go online in one, it's either to update something or I may go directly to a known good website to download a legitimate program. But besides that, it's really unnecessary to use a browser in a VM.
I hate to mention this, because I would not reccomend it to everyone.
But in all my years of using virual pc's never once have I ever had one infected. I always recieve any downloded files to my desktop when possible and scan them before moving them into my VPC. I also do not use the browser for normal internet use, and just in case something were to happen, I limit the VM's access to the physical machine by only allowing shared folders that I feel are necessary. (Don't give it access to every single drive if you don't need it so you can limit any possible "spread" of an infection).
It's also very easy to copy the vhd file to backup a "known clean" virtual pc if you have the extra space availible.
If I were using XP mode for a very important task or program on an ongoing basis, I guess I would then use an AV just in case but if you understand the ways that a system can get infected and take precautions it would be very difficult to get infected in the first place.
Dave
Normally, I pull down email on my primary PC, a WinXP desktop. Originally, it used Outlook Express as the email client. It is my wife's PC mainly and I have been forbidden from making any major changes to it. 
When I was planning on getting this Win7 laptop, I knew OE would not be on it, so I switched to WLM on the WinXP desktop because the UI looked so much like OE, I figured it would be easy for her to get used to.
With OE, I would copy all of the .dbx mail store files to my old WinXP laptop for when we traveled. That worked great for us. When we got home from the trip, I would copy all the .dbx files back from the laptop to the desktop.
It wasn't until I received this new Win7 laptop and installed WLM on it that I found out that it used a different version of the MS Extensible Storage Engine (ESE) database and the file structure was not backward compatible. I could copy the mail store files from WinXP to Win7 and Win7 would convert the file structure to the newer version and work fine. The problem came when I tried to copy the mail store files back to the WinXP desktop. I got error messages like crazy because it couldn't read the newer version's file structure.
That's what pushed me to installing Virtual PC WinXP Mode. When I installed WLM in the WinXP Mode VM, it was using the same older ESE version and I could move the mail store database files back & forth with no errors.
I never use IE8 in the VM for general web surfing, as you pointed out. I always use IE9 in Win7. But every once in a while, an email will arrive with a link in it that if I click on it will open IE8 in the VM. These are trusted emails from banks/businesses/financial institutions that I know and trust. I'm trying to get in the habit of copying the link and pasting it into IE9 rather than just clicking on it.
My ISP (Verizon) does require a secure connection (SSL) on SMTP port 465 & POP3 port 995. You are correct, Norton in not integrated into WLM like it is into Outlook & OE, but to date, I have not had any problems because of that.