This content has been marked as final. Show 2 replies
You might check the APP and OAS logs in the VSE Console on those systems.
With a minimum of luck you'll see lines indicating what was seen...
Then, if those people are "running reports", they oughta know what they're doind, i.e. more or less which program they're using and what files they're accessing... so you might check in that direction with "scan exclusions"... (that is a bit more "trial and error" which I personally dislike, but sometimes it's the only way)
You can check the current scan object in the VirusScan On Access Scan Statistics in the Tools menu. You could also use a tool like Process Monitor (Systernals/Microsoft) to watch the mcshield process. There's also the option of watching file handles with process explorer.