Would like to see a new field in the SEP database that can be leveraged during reporting and analysis related to the malware being found as it relates to a the drive location being local or remote.
Granted it is best practice to disable network scanning, however when it is enabled results can be misleading.
SEP is already aware of local/remote drive status.
My Analysts know the default drive letters used for the typical personal share and department share.
However the users can map a share to any drive letter, and some servers use higher drive letters for various partitions, that may not be documented as a corporate standard.
It would greatly improve our response to a given malware if we had an immediate indication of the file path location being local or remote. For example if the finding is on a share, it does little good to remove the host that accessed that share but leave the malware behind on the share for other users to access.