I am particulary interested in the eqiuvalent from this part of the SAV 10 info I linked above:
08) LI_ACTION1: Primary Action configuration (Virus Found event only)
1 - Quarantine infected file
2 - Rename infected file
3 - Delete infected file
4 - Leave alone (log only)
5 - Clean virus from file
6 - Clean or delete macros
Anything else - Unknown Action
09) LI_ACTION2: Secondary Action configuration (Virus Found event only)
1 - Quarantine infected file
2 - Rename infected file
3 - Delete infected file
4 - Leave alone (log only)
5 - Clean virus from file
6 - Clean or delete macros
Anything else - Unknown Action
10) LI_ACTION0: Action Taken (Virus Found event only)
1 - Quarantined
2 - Renamed
3 - Deleted
4 - Left alone
5 - Cleaned
6 - Cleaned or macros deleted (no longer used as of Symantec AntiVirus 9.x)
7 - Saved file as...
8 - Sent to Intel (AMS)
9 - Moved to backup location
10 - Renamed backup file
11 - Undo action in Quarantine View
12 - Write protected or lack of permissions - Unable to act on file
13 - Backed up file
Is this info all still the same? And if it is in the regular log in the database, is it the same via Syslog? This is what I cant find.