I had a sample of adware.mirar. VT coverage was >98 percent. The file itself was even published by MIRAR(file properties). Symantec on VT detects it. Norton on my computer does not. what I also downloaded some malware (virut), contained inside an achieve today. Now, WinRar extracts the files to a temp. location, then copies it to where the user wants it. I extract virut.Symantec detects and removes virut from the temp file location. However, the file, still makes it to my desktop. I upload to VT and coverage is very consistent. MD5 matches sample from temp. file location. And Norton does not flag the file as malicious. I forward to SSR, and after a human analysis, it's still deemed as clean. Is there a reason for the unusual and inconsistent behavior I have experienced? I'm know that I had the latest definitions; all my definitions were not outdated by more than 15 minutes in each scenario.