What was the detection method? If it was just a on-demand scan, then no, because the file is already present on the system. No, if it was realtime- like scriptscan, it should have then reported the threat source if it was able too.
This was On access scan, still we don't have any url entries for that.
during the time of the alert we check firewall logs but we only found that urls related to Microsoft "vortex-win.data.microsoft.com/"
the threat source url is not used by VSE
He's right from what I see if it was from a on-access scan. Here is the complete list of what you will capture. SiteAdvisor installed, that captures it.
Complete list of Event IDs for VirusScan Enterprise
Technical Articles ID: KB52417