Microsoft Defender (agentless) detecting Palo Alto libraries as malware

Created On 08/05/24 05:04 AM - Last Modified 08/05/24 05:22 AM


Symptom


Microsoft Defender (agentless) detects Palo Alto Networks pre-built libraries as malware (Trojan:Linux/Wacatac). Below are some examples of the paths reported in the alert.

  • hdd/s3iy2dlz.qh4/releases/10.1.10/RPMS
  • hdd/s0gyzo2f.ueu/releases/10.1.10/RPMS
  • hdd/toujmepf.b2o/releases/10.1.10/RPMS
  • hdd/yk0rtetk.5ys/base/10.2.0/RPMS
  • hdd/yk0rtetk.5ys/releases/10.2.8/RPMS
  • hdd/yk0rtetk.5ys/releases/10.2.8-h3/RPMS


Environment


  • PA-VM Azure


Cause


Palo Alto Networks has obtained the following response from the Microsoft Customer Service and Support team:

"Microsoft utilizes a variety of detection methods, including behavioral analysis and machine learning, to identify possible malware. On occasion these detections can produce false-positive detections of legitimate files. These cases are often a result of Microsoft trying to hone better protections against yet unknown malware. The fixes vary, but often result in refining the properties and behaviors we look for as indicators of malware."



Resolution


Palo Alto Networks recommends that customers first open an investigation with the Microsoft Support team. The exact file flagged by the alert needs to be extracted from the Azure Portal and uploaded to the Microsoft ticket for further investigation.

Please note that these malware alerts are critical to Palo Alto Networks: if Microsoft's investigation concludes that a detection is a True Positive, it must be brought to our attention immediately.



Additional Information


Palo Alto Networks Product Security Assurance and Vulnerability Disclosure Policy

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000Tp3qCAC&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail