Enable threat categories information

The ICAP response headers that Symantec Protection Engine uses indicate the total number of violations that are found in the scanned data. If violations are detected, a series of indented lines that contain information about each violation follow the header.
By default, Symantec Protection Engine does not send the threat category name in the ICAP response header. However, you can modify the EnableThreatCategoryResp value to include the threat category name in the header.
When enabled, the field in the response header appears as "ThreatDescription" and contains the threat category name. The threat category name is appended to the virus name with a delimiter pipe; for example, ThreatDescription = <VirusName>|NonViralThreat=<CategoryName>.
After you modify the default setting using the command-line tool, restart the Symantec Protection Engine service.
EnableThreatCategoryResp settings
XPath
Field values
Default values
/configuration/​ProtocolSettings/​ICAP/EnableThreatCategoryInformation​/@value
  • True
    Symantec Protection Engine sends the threat category name.
  • False
    Symantec Protection Engine does not send the threat category name.
True
This parameter is only applicable with new ICAP services introduced in Symantec Protection Engine version 7.0 and later. For more information, see the
Symantec Protection Engine Software Developer's Guide
.