heuristic virus/trojan alarms are usually nice words to say we do not know what it is, but similar file by size and hashtag is found in our database so we better report is as virus/trojan in case it is found true we can brag that we already detected it. Blah, Blah, Blah
We fight(read report) with Norton for years, as occasionally they decide MMW development is too fast and they can't update their white list fast enough.
Today Viruses/Trojans wants to steel your sensitive data and send it to someone that can sell it to someone that can use it or use ransomeware to take your money. Making Viruses and being a hacker today is a very good paid job like any other we surpassed the time when hackers had code and decency when all is done for fame and innovation. Except for maybe Spectre/Meltdown Exploits that force both Intel and AMD to invest bit more into R&D.
To conclude in today terms only real antivirus is Hardware Firewall tightly set, period.
To test one virus I own, I have set VM PC infected with ransomware that from time to time report Translated: "I can't encrypt your files because you do not allow me to mine hash key from ... and report it to ... to one that will take your money. So please disable firewall so that I can take your money" I need to fetch screenshot once so that you all can also laugh what ridiculous msg I get when it fails. How to do that, simple install VM PC update it till last update, block all inbound and outbound access while still leave internet available, then install ransomware and log and IP access connection on your firewall from that PC for next 24h. Then from safe PC simply filter those that are safe (Microsoft update, LAN Multicast [UPNP/DLNA], ....) and repeat till you have all safe Outbound IP addresses filtered and no new once created, then it should be easy to isolate Ransomware app and delete it yourself.