THARAKA
Copper Contributor
Sep 04, 2025

CrowdStrike EDR repeatedly flags m365copilot_autostarter.exe

We are seeing recurring CrowdStrike informational alerts for m365copilot_autostarter.exe, located under the WindowsApps directory for Microsoft OfficeHub (versions 19.2509.32081.0 and 19.2508.51171.0).
The alerts are flagged as “meeting the machine learning-based on-sensor AV protection’s lowest-confidence threshold for malicious files”.
Two hashes are repeatedly seen across different customer environments:
- 2ee039508706a40e1ca608d2da670d8f8b4b3605343ae4601e7f2407db6a35e (timestamp: Sept 2, 2025)
- ade2675e1247ffd1cbe4e408716a559fb502aeca26985a53d35755d1c13827f3 (timestamp: Aug 21, 2025)

Both files appear clean in reputation checks, but they are unsigned and have no vendor information, which is raising questions in security tooling.
Since these alerts are consistently triggered across Windows 10 and 11 endpoints in multiple environments, we are trying to confirm:
- Is this a legitimate, recently introduced OfficeHub / Copilot component?
- Why is it unsigned compared to other OfficeHub binaries?

Any clarification from Microsoft would be appreciated.
