Norton Insight

Norton Insight allows the smart scanning of files on your computer. It improves the performance of Norton scans by letting you scan fewer files without compromising the security of your computer.

A Norton scan can identify threats on your computer in the following ways:

The Blacklist technique

At regular intervals, Norton obtains definition updates from Symantec. These updates contain signatures of known threats. Each time when Norton obtains the definition updates, it performs a scan of all of the files that are available on your computer. It compares the signature of the files against the known threat signatures to identify threats on your computer.

The Whitelist technique

Norton obtains specific information about the Files of Interest and submits the information to Symantec during idle time. The information includes things such as file name, file size, and hash key. Symantec analyzes the information of each File of Interest and its unique hash value and provides a confidence level to the file. The Symantec server stores the hash value and confidence level details of the Files of Interest. The server provides the details immediately after you open the Norton Insight window. Even the slightest modification of the file causes a change in the hash value and the confidence level of the file. Typically, most Files of Interest belong to the operating system or known applications, and they never change. These files do not require repeated scanning or monitoring. For example, Excel.exe is a file that never changes but you always scan it during a normal security scan.

Symantec assigns the following confidence levels to Files of Interest:


Symantec analyzes the file as trusted based on the statistical evaluation that is done on the files that are available within the Norton Community.

If the file has three green bars, Symantec rates the file as Norton Trusted.

The files that have three green bars display a Norton Trusted pop-up text when you move the mouse pointer over the green bars.


Symantec analyzes the file as good based on the statistical evaluation that is done on the files that are available within the Norton Community.

Symantec rates the trusted files as follows:

  • If the file has two green bars, Symantec rates the file as Good.

  • If the file has one green bar, Symantec rates the file as Favorable.


Symantec does not have enough information about the file to assign a trust level to the file.


Symantec has only a few indications that the file is not trusted.

The Whitelist technique that Norton Insight uses also helps in heuristic detection of suspicious applications. Normally, the execution behavior of well-known applications appears identical to the execution behavior of unknown applications. Such behavior results in false identification of good applications as suspicious, and therefore, necessitates security applications to maintain a low heuristic detection threshold. However, keeping a low detection threshold does not provide a complete heuristic protection against malicious applications. Norton uses the Whitelist technique that helps maintain a high heuristic detection threshold. It excludes well-known applications from heuristic detection to prevent false detection of well-known applications and to ensure a high detection rate of malicious applications.

Thank you!

Thank you for using Norton Support.

< Back

The solution made it easy for me to handle my issue.

Yes No

Help us improve this solution.

Thank you for helping to improve this experience.

What would you like to do now?

Browse for solutions, search the Norton Community, or Contact Us.

DOCID: v15472458_ns_retail_en_us
Operating System: Windows
Last modified: 12/13/2016