I understand what you're saying completely. I deal with them daily and new threats on edge devices with public facing services through government alerting and other channels watching for threats. No serious virus, trojan, malware or what not has gotten loose on my watch, knock on wood.
I always send people their as a "neutral" place to get a second opinion with questionable files. I spent last 22 years working for the state mainly doing firewalls, routers, switches, VMWare and of course virus scan is mine too (uugh!
and prior to that a whole lot of years at UPS doing the same. We use enterprise deployment tools pushing to 100's of PCs. I have a fairly complex hierarchy of policy inheritance in place for exceptions and other challenging requests. Unfortunately we aren't a large enough organization to have dedicated IT roles like a bank or something that employees 10's of thousands so we wear many hats on a daily basis.