When Symantec Protection Engine operates in audit mode, the ICAP client is responsible for applying URL filtering and denying access to restricted sites.
Symantec Protection Engine provides the ICAP client with the information that is necessary to determine whether a site should be blocked. The client decides how the request is handled.
When you select audit mode, all URL categories and local categories are automatically included in the Audit list. You cannot select specific categories to include in the Audit list. However, you can add and delete local categories.
For each request from the ICAP client, Symantec Protection Engine matches the request against all categories. Symantec Protection Engine notifies the client if the requested URL is contained in any URL category or local category. Based on the information that Symantec Protection Engine returns, the ICAP client determines whether the site should be blocked.
When Symantec Protection Engine scans in audit mode, scanning does not stop when a single URL match is found. It continues to scan against all categories. Symantec Protection Engine provides the results to the ICAP client so that it has all of the information it needs to handle the request.
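The following added example (not Symantec code) sketches how an ICAP client might act on the complete match list that audit mode returns, and why a first-match result would be insufficient. It assumes the client has already extracted the matched category names from the response; the category names, the `POLICY` table, and the allow/log/block tiers are constructed for illustration.

```python
"""Client-side decision over the full list of categories matched in audit mode."""

# Constructed policy: category name -> action. Names are hypothetical.
POLICY = {
    "news": "allow",
    "gambling": "block",
    "malicious-hosts": "block",
    "local-finance-apps": "allow",   # a local category
}
SEVERITY = {"allow": 0, "log": 1, "block": 2}


def decide(matched, policy, default="log"):
    """Return the most severe action across every matched category.

    Categories missing from the policy get `default`, so a newly added
    local category is logged rather than silently allowed.
    """
    seen = []
    for name in matched:
        key = name.strip().lower()
        if key and key not in seen:
            seen.append(key)

    action, reasons = "allow", []
    for cat in seen:
        act = policy.get(cat, default)
        if SEVERITY[act] > SEVERITY[action]:
            action, reasons = act, [cat]       # stricter tier replaces earlier reasons
        elif act == action and act != "allow":
            reasons.append(cat)                # same tier: record every contributor
    return {"action": action, "reasons": reasons, "matched": seen}


def decide_first_match(matched, policy):
    """Contrast case: the decision if only the first match were available."""
    return decide(list(matched)[:1], policy)


if __name__ == "__main__":
    # Constructed sample: one URL that falls into three categories at once.
    sample = ["News", "Malicious-Hosts", "local-unreviewed"]
    print("all matches :", decide(sample, POLICY))
    print("first match :", decide_first_match(sample, POLICY))
```
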
Imported Document ID: HOWTO79672