ngen.log modification by taskhost.exe blocked

I think the title says it all. This seems to have been done two times, the first CIS reported that there was an alert shown and the second it was just blocked. I think this behaviour should have been allowed.
Why it got blocked?
You can also see the screenshot from the report.

[attachment deleted by admin]

I just got this popping up for the first time today too, basically taskhost.exe modifying the contents of ngen.log (see screenshot below). Haven’t found any answers online, anyone know why this is popping up now?