Spyware scans can be performed from the console machine or locally on each target machine.
Console-based scans (also known as a Network Scan): The scan of each target machine is performed by the spyware scan engine located on the console machine. The advantage of this option is that it is non-invasive, meaning nothing is ever placed on the target machines. The disadvantage is that it may create a lot of network traffic, particularly if you are scanning many machines at one time.
Machine-based scans (also known as a Dissolving Service Scan): A separate instance of the spyware scan engine is copied to each target machine and each scan is performed locally on each machine. There are two advantages to this option: The scans are faster because the target machine's CPU is used to perform the scan rather than the console machine's CPU, and a deeper and more complete scan can be performed on each machine. This may not be an acceptable option for everyone, however, because some corporate security policies do not allow objects of any sort to be placed on machines in the network.
The spyware scan template you use defines how the scan will be performed. See Creating a New Spyware Scan Template for information about the Network Scan and Dissolving Service Scan options.