Forum Discussion

sumo83
Iron Contributor
Jan 23, 2024

Generated XML marked as Malicious File by Defender

Hello Experts,


I've been dealing with an issue for months now and I guess I have finally found the root cause of it... Trying to find a solution now...


I have an XLSB file that has a macro inside and a button that will generate an XML file. The macro should create the XML file, which is opened in Notepad and then saved on the Desktop.... However, these last steps fail with the error message "Notepad - The system cannot find the path specified". I've tried to reinstall Office, even reset the laptop... but the issue returned after a few days.


Actually, I experience two results with two different user accounts on the same computer:

  1. the XML file is not created at all and it fails with "Notepad - The system cannot find the path specified"
  2. the XML is created; however, before the macro finishes, the file disappears from the Desktop (when I open Notepad manually the data is still cached there, so I can at least save it manually)


  • I am 99% sure it has something to do with Defender...
  • We use M365 E3 with M365 E5 Security and we have almost all ASR rules enabled via "Intune > Endpoint Security > ASR". The ASR rules are assigned to "all devices" and I do not see any event relating to the XML in Defender > Reports > ASR Rules.


Now, today I've checked the Timeline in Defender for the computer I use to generate the XML, and found the below:

  1. for scenario 1 above - I see the MITRE "T1204.022: Malicious File" marking for the opening of the XML file
  2. for scenario 2 above - I see the MITRE "T1204: User Execution" marking for launching the XLSB file


How should I action this? How can I stop the XML generation from being blocked?


Any advice would be great, as this is starting to be very frustrating...

Thanks

3 Replies

  • jbmartin6
    Iron Contributor
    Look in other Defender logs for indications of if and why this file was removed. Notations like that in the timeline are just attempts by the tool to highlight things for an analyst to look at; they don't indicate any specific action.
    • sumo83
      Iron Contributor
      I've just checked the logs in Event Viewer > Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational..... and do not see anything related to generating the XML....

      😕
      • jbmartin6
        Iron Contributor
        Are there associated FileDeleted events (or anything else relevant) in DeviceFileEvents?
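As an added example that is not part of the thread above, the two Defender advanced hunting queries below are one way to perform the checks the replies suggest: the first lists every create/delete/rename on an XML file under a Desktop folder in DeviceFileEvents, together with the process that did it (MsMpEng.exe as the initiating process would point at Defender's own remediation, notepad.exe or EXCEL.EXE at the macro or the user); the second lists ASR-rule and antivirus actions from DeviceEvents that involve Excel, Notepad, the XLSB or an XML file, which is where a block by an "all devices" ASR assignment would show up even when nothing appears in the Operational event log. The device name, the 7-day window and the Desktop path filter are assumptions to replace; the column names are the documented schema of the two tables.

```kql
// Added example, not from the original thread. Run each query separately in
// Microsoft 365 Defender > Advanced hunting. Device name and window are assumptions.
let dev = "LAPTOP-EXAMPLE";   // hypothetical device name, replace with the real one
let start = ago(7d);          // assumed look-back window
// Query 1: what happened to XML files on any Desktop, and which process did it?
DeviceFileEvents
| where Timestamp > start and DeviceName =~ dev
| where ActionType in ("FileCreated", "FileDeleted", "FileRenamed", "FileModified")
| where FileName endswith ".xml" and FolderPath has @"\Desktop\"
| project Timestamp, ActionType, FolderPath, FileName, SHA1,
          InitiatingProcessFileName, InitiatingProcessCommandLine,
          InitiatingProcessParentFileName, InitiatingProcessAccountName
| order by Timestamp asc

// Query 2: did an ASR rule or an AV detection act on Excel, Notepad, the XLSB or the XML?
// ASR action types all start with "Asr" (…Blocked for block mode, …Audited for audit mode);
// AdditionalFields carries the rule-specific details as JSON.
let dev2 = "LAPTOP-EXAMPLE";  // same hypothetical device name
DeviceEvents
| where Timestamp > ago(7d) and DeviceName =~ dev2
| where ActionType startswith "Asr" or ActionType == "AntivirusDetection"
| where InitiatingProcessFileName in~ ("EXCEL.EXE", "notepad.exe")
     or FileName endswith ".xlsb" or FileName endswith ".xml"
| extend Details = parse_json(AdditionalFields)
| project Timestamp, ActionType, FileName, FolderPath,
          InitiatingProcessFileName, InitiatingProcessCommandLine, Details
| order by Timestamp asc
```

If query 1 shows a FileDeleted row whose InitiatingProcessFileName is MsMpEng.exe, the removal is Defender's; if query 2 is empty for the same minute, the cause is an antivirus remediation rather than an ASR rule, and the detection should then be visible as event ID 1116/1117 in the Windows Defender Operational log and under Incidents & alerts in the portal, where a file or certificate indicator (allow) can be created for the generator if the XML is judged benign. A block by an ASR rule in query 2 names the rule in ActionType, and that rule can be given a per-path exclusion in the same Intune Endpoint Security profile instead of being disabled fleet-wide.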