The scan action OfficeScan performs depends on the scan type that detected the spyware/grayware. While specific actions can be configured for each virus/malware type, only one action can be configured for all types of spyware/grayware (for information on the different type of spyware/grayware, see Spyware and Grayware). For example, when OfficeScan detects any type of spyware/grayware during Manual Scan (scan type), it cleans (action) the affected system resources.
The following are the actions OfficeScan can perform against spyware/grayware:
OfficeScan terminates processes or delete registries, files, cookies, and shortcuts
After cleaning spyware/grayware, OfficeScan clients back up spyware/grayware data, which you can restore if you consider the spyware/grayware safe to access. See Spyware/Grayware Restore for details.
OfficeScan performs no action on detected spyware/grayware components but records the spyware/grayware detection in the logs. This action can only be performed during Manual Scan, Scheduled Scan, and Scan Now. During Real-time Scan, the action is "Deny Access".
OfficeScan will not perform any action if the detected spyware/grayware is included in the approved list. See Spyware/Grayware Approved List for details.
OfficeScan denies access (copy, open) to the detected spyware/grayware components. This action can only be performed during Real-time Scan. During Manual Scan, Scheduled Scan, and Scan Now, the action is "Pass".
When OfficeScan detects spyware/grayware during Real-time Scan and Scheduled Scan, it can display a notification message to inform the user about the detection.
To modify the notification message, go to Notifications > Client User Notifications > Spyware/Grayware tab.