How actions are taken on detections

When a detection occurs, the resulting action depends on how the detection definition is defined in the DAT file. For example, if the scanner cannot clean a file or if the file has been damaged beyond repair, the scanner might delete the file or take the secondary action, depending on how it was defined in the DAT file.

When the scanner denies access to files with potential threats, it also appends the filename with an .mcm extension, when the file is saved.