I am glad the issue is solved.
I have accidentally selected check-boxes or incorrectly answered a Defense+ alert a few times myself.
In fact, I periodically check my settings, trusted files, and unrecognized files to make sure that everything is hunky-dory.
I agree that the notification should be better implemented. I think the main GUI is simply telling you that the elements that you have loaded are functioning okay. When you check "deactivate the Defense+", you are telling CIS not to load D+. Also, some people have not installed D+ or the AV or the firewall, and thus those elements are not loaded, but the GUI will still indicate that the elements that are loaded are working okay.
It would be nice if you could customize how the CIS check-mark will warn you (in a fashion similar to how you can customize notifications in windows security center). You specify the elements that must be loaded and enabled for a green check mark to appear (e.g. defense+, AV, firewall, sandbox, execution control, etc). It would also be nice if CIS warned you when a setting is less secure than a specified level (e.g. you can set the firewall's minimal security notification to "safe mode", and CIS would warn you when the firewall was set less secure than this. Or you could set the notification level for "Treat unrecognized files as" to restricted, and CIS will warn you when the level was less secure that this).