dmarquesgn
Iron Contributor
Jun 19, 2023
Alert named 'DefenseEvasion' malware was blocked on a Microsoft SQL server
Hi,
I've got an alert named "'DefenseEvasion' malware was blocked on a Microsoft SQL server" on our M365 Defender portal.
While analyzing this alert, in fact it's flagging a file named "Scheduled Start", which is in the folder "C:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start", and when I went there to check, it's basically the scheduled task to start the Windows Update service on the server.
So I'm not really getting why it is flagging this like it is. Has anyone seen anything similar?
Thanks