How to interpret Event::Endpoint::CorePuaClean - manual cleanup needed or not?

would like to understand when manual cleanup is needed via API events/alerts alone

this field in API events/alerts I am not clear on:

Event::Endpoint::CorePuaClean 'result'

API RESULT UNDERSTOOD:

{"items":[{"descriptor":"C:\\Users\\SOMEUSERNAME\\Downloads\\viewpdftools.msi","processPath":"","result":"SUCCESS","sophosPid":"","suspendResult":"NOT_APPLICABLE","type":"file"}],"totalItems":1}

API RESULT UNCLEAR: (shall I assume manual cleanup is needed when I see this, no separate manual cleanup alert or event is triggered)?


{"items":[{"descriptor":"C:\\Users\\SOMEOTHERUSERNAME\\Downloads\\pdfguruhub.msi","processPath":"","result":"NOT_FOUND","sophosPid":"","suspendResult":"NOT_APPLICABLE","type":"file"}],"totalItems":1}



Added Tags
[edited by: GlennSen at 9:02 AM (GMT -8) on 11 Dec 2024]