Please consider turning on send info to Mozilla before posting a question. This helps us help you.

No idea, does your A/V tell you the exact file location that it was found in , like mine ? This would help determine if so.

Starting from Firefox 57, "only extensions developed using ... Newer versions of Firefox will use the bootstrap.js script, ignoring the components .."

So your running version 56, has any of your extensions just updated to be compatible with 57 and are not labelled as Legacy around same time this was found by the A/V program ?

You can upload the file to http:\\virustotal.com and have it scanned by multiple A/V programs.

As well most A/V sites have a subtitle page to determine if it is or is not and if it is not the update their whitelist. Norton has such but you make no mention of your program.

Please let us know if this solved your issue or if need further assistance.

It is a false positive. Some antivirus clients such as Norton have been pretty bad with giving false positives on clean Firefox stuff over the years and also with Thunderbird and SeaMonkey in similar fashion.

https://developer.mozilla.org/en-US/Add-ons/Bootstrapped_extensions

In what folder is this bootstrap.js located?

As posted above, all Legacy extensions that are restartless come with this file since it is the main file with the startup code to install and uninstall this extension.

I believe it's a false positive since it is in: C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\

This indicates use for extensions i think.

I'm running ZoneAlarm Security which uses a Kaspersky engine for virus scanning. Heuristic scanning was on which resulted in the false positive,

Thanks for your help! The Virus Total website gave the file a complete bill of health and the other answers to my question explained where it was located.