Yes, it traps PEEXE files in a scenario where if they mutate too little, they will be identified by standard antivirus. If they mutate too much, they become totally unknown and get removed. Because real-world protection test, as well as other tests most probably only use PEEXE files, it's normal that Norton will get great results, whereas in the Hub I am frequently seeing scripts and Java malware amongst others.
