The revelation doesn't affect the company's brief possession of classified NSA files (those were part of a larger file deemed suspicious). However, it's definitely not normal -- antivirus software typically only targets files that are direct risks. And in the case of competing antivirus tools, like F-Secure, it's not uncommon for them to ask permission before they upload anything.

This doesn't mean that Kaspersky's tool is doing anything sinister. According to Kaspersky, it's really about catching "cyber criminals." However, the revelation certainly isn't going to allay concerns that Kaspersky might have helped the Russian government conduct espionage. If the company can take files that don't have an immediate bearing on a PC's security, what's to stop it from passing on files that Russian intelligence might want?

As it is, this also highlights a broader issue with antivirus software as a whole. As Trail of Bits chiefDan Guido explained, many antivirus programs collect a large amount of data about the computers that run them, if often out of necessity. It wouldn't take much for a less-than-upstanding company or a hacker to misuse that info, and you may want to be sure that you're comfortable with how an AV suite handles your data before you use it.

Update: Kaspersky disputes claims he said the software takes non-threatening files. Reuters has since modified its piece to reference the AV tool taking "inactive" files.