I've been having this issue for a while (a few months) but just got around to trying to fix it. So, it began when aepdu.dll (in system32) showed up in the unrecognized files menu. I left it alone, and it was moved into trusted files. However, since then, CIS has been logging blocked intrusions from aepdu.dll. The flag is always “Modify File”, and the target is always either “C:\windows\TEMP\CompatTelemetryLogs\setuprr.log” or “C:\windows\appcompat\programs\FullCompatReport.xml”.
I did some research, and it seems aepdu.dll is a safe Windows file that is involved with the program compatibility layer? The entries get logged around the same time every day (about noon), and while it's not a big issue, it's just a bit annoying having my log filled up with these entries.
Can you post a screenshot of the Defense+ logs showing the intrusion? It's weird that a DLL file is performing any action on its own, as DLLs cannot be executed by themselves and are loaded within applications.
This may seem strange, but try removing it from the trusted files, press OK, then close the settings, then re-add it to the list. If that doesn't work, then the last resort would be to create a HIPS rule for that DLL and give it the allowed application ruleset preset.