The ICAP response headers that Symantec Protection Engine uses indicate the total number of violations that are found in the scanned data. If violations are detected, a series of indented lines that contain information about each violation follow the header.
By default, Symantec Protection Engine does not send the threat category name in the ICAP response header. However, you can modify the EnableNonViralThreatCategoryResp value to include the threat category name in the header.
When enabled, the field in the response header appears as "ThreatDescription" and contains the threat category name. The threat category name is appended to the virus name with a delimiter pipe; for example, ThreatDescription = <VirusName>|NonViralThreat=<CategoryName>.
After you modify the default setting using the command-line tool, restart the Symantec Protection Engine service.