In our case this is the DAW supplied example EXE being caught by a scan after an AV update