Hi Damon,
Yes, Norton running on my desktop. New website, new installation of the plugin.
Nothing malicious found on the server. I do believe this to be a false positive.
If I delete the default value from the MySQL Query textarea the mailing list record saves without any alert.
Update:
I just went back to test this again and the issue did not occur.
This website was just launched, and the last time I had tested was prior to launch.
Although the site is still on the same server location, the settings were updated with a dedicated IP and accessing the CMS from the clients TLD.
That being said, we have multiple dev sites on the cloud hosting platform with a common upper "test link" hostname and shared IP (until launched with dedicated IP and SSL cert). I think that's what caused the false positive, as I can now see in the advanced history there was an origin reference of one dev site and a destination reference of another dev site.
Thanks for your response, and sorry to bother you.
Best Regards,
Steve