Missing Details and Actions triggered/gathered during the threat detection.
1. Improve the details gathered during the virus detection. Those details should contain the following information:
- Drive type (whether it was USB, normal or network drive …)
It is extremely useful to know the drive type on which the virus got detected, especially when you have to create reports which include the information “From which drive type” the risks are coming from.
2. Preferably, implement a Custom Action which could be executed upon the virus detection.
Run a script when a virus gets detected.
Note: I am aware of the registry key TimeOfLastVirus, which can be monitored for virus detection with SNAC or ALS … but it will be much easier to implement the possibility of executing Custom Actions upon virus detection.