I want to examine additional information in the Virus Alert trigger to see if the threat was successfully removed and also pull out the name of the threat.
This would allow me to add a decision to perform some basic actions if the threat removal succeeded, or take additional actions if the threat removal failed.
Here is an example of an alert when the threat removal succeeded.
The virus PUA:Win32/Presenoker was detected at file:C:\Users\xxxxxxxx\Downloads\pijyrtyfp.exe on WorkstationName.MyDomain.local at Apr 8, 2021 11:37:24 AM. Remove failed with error 0x00000000 The operation completed successfully.
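An added example, not part of the original post or of any product's own code: a parser for the alert format shown above that pulls out the threat name and branches on the numeric error code, since the sample reads "Remove failed" even when the code is 0x00000000. The function names, the `basic`/`escalate` labels and the failure sample (code and text) are assumptions made for illustration.

```python
import re
from datetime import datetime

# Pattern derived from the single alert shown in the post; other alert
# layouts are not covered and would need their own patterns (assumption).
ALERT_RE = re.compile(
    r"The virus (?P<threat>\S+) was detected at file:(?P<path>.+?) on "
    r"(?P<host>\S+) at (?P<when>[A-Z][a-z]{2} \d{1,2}, \d{4} "
    r"\d{1,2}:\d{2}:\d{2} [AP]M)\.\s+"
    r"Remove \w+ with error (?P<code>0x[0-9A-Fa-f]{8})\s*(?P<text>.*)",
    re.DOTALL,
)

# Alert text copied from the post (removal succeeded).
SUCCESS = (r"The virus PUA:Win32/Presenoker was detected at "
           r"file:C:\Users\xxxxxxxx\Downloads\pijyrtyfp.exe on "
           r"WorkstationName.MyDomain.local at Apr 8, 2021 11:37:24 AM. "
           r"Remove failed with error 0x00000000 "
           r"The operation completed successfully.")
# Constructed failure sample: same layout, non-zero code and text invented.
FAILED = SUCCESS.replace(
    "0x00000000 The operation completed successfully.",
    "0x80070005 Access is denied.")

def parse_alert(message):
    """Return the alert fields as a dict, or None if the layout is unknown."""
    m = ALERT_RE.search(message)
    if m is None:
        return None
    code = int(m.group("code"), 16)
    return {
        "threat": m.group("threat"),
        "path": m.group("path"),
        "host": m.group("host"),
        "detected": datetime.strptime(m.group("when"), "%b %d, %Y %I:%M:%S %p"),
        "error_code": code,
        "error_text": m.group("text").strip(),
        # Decide on the code, not on the word "failed" in the message.
        "removed": code == 0,
    }

def next_action(message):
    """Pick the workflow branch; unparsed alerts take the failure branch."""
    alert = parse_alert(message)
    if alert is None or not alert["removed"]:
        return "escalate"
    return "basic"
```

Treating an unparsed alert as a failed removal keeps a changed message format from silently landing in the "basic actions" branch.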