That depends on the policy behind antivirus incidence.
Should be alert be for a legitimate file, it can be white listed.
Upon the incident being positive and a malicious file being in the system, it needs to be quarantined and delete it.
After the quarantine the source of the file needs to be checked in order to determine where it came from and where the vulnerability is in order to prevent future incidents.
Overtime these anti-virus alerts can be fine-tuned so that’s the frequency of alerts can be reduced.
