I don't think you can get this, unfortunately - I think VirusScan bundles all access protection rule violations under s single event, so you can tell that a rule was triggered, but not which one.
Furtunately this is not true.
You can filter-out this using threat name or part of it:
Threat Name: Anti-virus Standard Protection:Prevent mass mailing worms from sending mail
It is possible in EPO4 or EPO45.
Here is how you do it.
1. Create new Events query.
2. Select your Chart type.
3. Select your columns.
4. Under Filter, select EventID = "1094" & Threat Name = "Anti-virus Standard Protection:Prevent mass mailing worms from sending mail"
Event_1094.jpg 60.2 K
Excellent - I love being wrong when my answer is bad news Thanks for the clarification, folks
Hats off to that man
Many thanks, now looks like I've made more work for myself after running the query...
Many thanks for prompt response