I see... no wonder i can't find any information about the AVS library... another concern is for IPS library... i don't we can find any info on this neither...
We do have another concern on this product, do we have to manually 'commit' each time after virus is found and quarantined?
FYI after i restart the system with EWF enabled, the risk log is gone and the virus come back to normal...
this is so weird... i suppose the virus cleanup use the same technology as virus definition update?
refer to here:
Note: Embedded clients have a unique feature that prevents the space used on
the storage device from growing too large. The Enhanced Write Filter keeps
changes from being written to the client. It stores changes in a virtual disk and
deletes the changes when the client is restarted. This becomes a problem when
you want to write the latest virus definitions and policies to the client. The XP
Embedded agent has technology that enables the Antivirus Signature Library and
policies to be committed to the storage device through the Enhanced Write Filter
without requiring a restart of the system. This capability enables you to apply
and update the Antivirus Signature Library and policies without losing your
changes when the client restarts.
ftp://ftp.symantec.com/public/english_us_canada/products/symantec_endpoint_protection/for_windows_xp_embedded_5.1/manuals/Symantec_Endpoint_Protection_for_Windows_XP_Embedded_Administration_Guide_Addendum.pdf