Anti-Virus identified blocked and cleaned a potential malware infection
Many organizations will consider this a false positive, since the remediation is complete. Consult your IR plan.
Legitimate IT software is flagged as malicious
IT organization sometimes add software that behave in similar ways to malware and can be flagged by AV tools.
Anti-Virus incorrectly flagged custom script files that is non-malicious
Custom scripts files are often non-signed by a trusted source which can cause AV to be more likely to flag as malicious.
Tools, such as remote desktop applications will be flagged as potential unwanted software
Attackers and system owners use tools that can have legitimate or malicious uses. These can be flagged even when used for a legitimate business purpose.