Norton AV Cloud - How does it work?

I tried searching the forum for the answer to this question but couldn't find much.

How I understand Prevx to work is it creates a hash of a file then checks it against a vast online database. Should the file hash not exist, it upload part or all of the file to the server for sandboxing. The file is then listed accordingly.

How does the Norton AV Cloud work?

 

This can help
Norton Insight(You tube video)

 

Works along the same lines then

The reason I ask is I have just installed Norton Internet Security 2010 after I had problems with Kaspersky Internet Security 2010. Like most people on here, I have downloaded a pretty new trojan from MDL to test it out, and Norton popup up a message to say this file is safe. Very strange

 

Might be it is a rogue AV....Have you run that file? I am sure SONAR will popup and tell you the exact behavior of the same file

 

This is the file in question.

~ VirusTotal link removed per Policy ~

I'll run it through a sandbox and see what happens.

 

Does the Norton Cloud analyse unknown files or just warn against them ?

 

I am not sure about this but AFAIK it is based on community review. But in case if you run a malware which is not detected due to no signature availability then SONAR will come into action, and will block it according to its behavior ..

 

You’ll find detailed explanations of the protection mechanisms within the Norton Protection Blog.

 

Yeah SONAR will notify how mature is the file and how many users in the norton community have used this file and accordingly it will notify mostly it will recommend the user not to run until sufficient info is collected by symantec and even after that the user runs the file then SONAR comes in to action