Actually I've had a coffee and am thinking a bit more. So, I agree if the virus scanner picked it up, it must have been resident on the system already since only AP or IPS/Insight will pick up active stuff (or SONAR I guess, though it's so rare I see SONAR pick up anything), and yet, if a resident file is sitting dormant but then tries to launch, it too will be picked up by Auto-Protect "from the inside out" basically or am I still not caffenated enough? :)
Ok here's the details requested:
Incident Details
script[2].js (JS.Downloader!gen33) detected by Virus scanner
Threat Name
JS.Downloader!gen33
Also of note is that this particular computer gets very frequent alerts related to fake tech support scam websites. Always seemingly when the person is using the computer, though that alone says nothing since the mere actrivation of the web browser may also call up the script, if said script is set to launch upon browser launch - so no necessarily that the person is visiting sites with malvertising or what not.