How would you handle a situation where your endpoint protection shows no immediate alerts after a suspicious click?