I reporting the critical events after I carry out on demand scans. Most of these events have event descriptions such as 'infected file found and NOT deleted'. However a few critical events have the event description 'Infected file found', and Action taken : 'None'
Am I wrong in assuming that these infected files have not been deleted??
Yes I am quite sure. I created a new subgroup, added a task with the above actions to this subgroup, and moved the systems to be scanned to this subgroup. I then created a query which returns the events of systems in the newly created subgroup.