Modern antivirus and endpoint protection tools monitor your system for suspicious files, unsafe websites, unusual behavior, and malicious activity.
When a threat is detected, your antivirus displays an alert — but not all alerts require the same response.
This guide explains the most common types of antivirus alerts, what they mean, and what steps you should take to protect your device and your business.
This appears when the antivirus identifies a harmful program such as:
Trojans
Worms
Keyloggers
Spyware
Ransomware
Do not open any suspicious files.
Allow the antivirus to quarantine or remove the threat.
Restart your device if prompted.
Submit a support ticket if the alert keeps reappearing.
This means the antivirus noticed activity that resembles malware behavior, such as:
Unusual file modifications
Attempts to access protected areas
Apps trying to install without permission
Review the name of the application causing the alert.
If you don’t recognize it, let the antivirus block it.
If it is legitimate software, contact support before allowing it.
Triggered when you attempt to visit a site known for:
Phishing
Fake login pages
Malware downloads
Insecure connections
Do not continue to the website.
Close the browser tab.
If you clicked the link from an email, it may be phishing — report it.
These may not be outright malware but can cause issues.
Examples include:
Adware
Browser toolbars
Unapproved optimization tools
Software bundled with installers
Allow the antivirus to remove or block the application.
If you need the program for work, confirm with IT first.
Your firewall blocked an application or connection attempt.
If you initiated the action (e.g., launching a work app), click Allow only if you trust it.
If unsure, choose Block and contact support.
This means your antivirus software isn’t fully updated and may miss new threats.
Open your antivirus dashboard.
Run Update or enable Automatic Updates.
Reboot if required.
If updates fail repeatedly, contact support.
Your antivirus may prompt you to run a scan if:
The system is overdue for a scan
Suspicious background activity is detected
A recent threat was removed
Run the recommended scan.
Avoid heavy computer use during the scan for best results.
Regardless of the alert type, follow these best practices:
Even minor alerts indicate a potential risk.
Look for keywords like:
“Quarantined”
“Blocked”
“Removed”
“Suspicious activity”
“Failed to clean”
If the alert appears right after you clicked something, stop using the file immediately.
This limits potential damage while IT investigates.
Include:
A screenshot of the alert
What you were doing when it happened
The name of the flagged file or app
Our team will help determine whether the alert is legitimate and what action to take.
Most modern security tools include:
Real-time protection
Email scanning
Web filtering
Ransomware protection
Behavior-based threat detection
Zero-day exploit protection
Cloud threat intelligence
This layered security helps stop threats before they cause damage.
Quarantine means:
The file has been isolated
It cannot run or spread
IT can review and safely delete or restore it
You should never manually open or restore quarantined files without consulting support.
Take these steps immediately:
Disconnect from Wi-Fi or unplug the network cable
Stop using the device
Do not enter passwords or open sensitive applications
Contact OneStop Northwest support at once
A quick response reduces the risk of data loss, ransomware, or unauthorized access.
Keep antivirus and operating systems updated
Enable automatic scans
Use strong, unique passwords
Avoid downloading unknown software
Enable MFA on work accounts
Back up important files (OneDrive, SharePoint, Zoho WorkDrive, Google Drive)
Report suspicious emails immediately