How actions are taken on detections

When a detection occurs, the resulting action depends on how VirusScan Enterprise is configured. If configured to Clean automatically (the suggested default setting) the resulting action depends on the cleaning instruction from the DAT file. For example, if the scanner cannot clean a file or if the file has been damaged beyond repair, the scanner might delete the file or take the secondary action, depending on the definition in the DAT file.

When the scanner denies access to files with potential threats, it also appends the filename with an .mcm extension, when the file is saved.