The details are below. A full scan came back clean and the user doesn't report anything out of the ordinary. I checked security logs nothing suspicious and confirmed the device is fully patched.
I believe this is a false positive but would like to know more about how the "User Login" is affected in this instance.
Event name: ATC.Malicious
Att&ck Tactics: N/A
Event description: Advanced Threat Control has labeled explorer.exe as a potential threat to your system.
Event name: SuspiciousSignedProcessExecution
Att&ck Tactics: Defense Evasion
Event description: A signed suspicious process has been executed
ATT&CK Techniques: Subvert Trust Controls – T1553.002 Code Signing
Event name: user_login
Event description: User Login
Event name: Process Create
Att&ck Tactics: N/A
Event description: A process has been created.
Event name: Process Create
Att&ck Tactics: N/A
Event description: A process has been created.