Discrepancies in Windows Defender Raw Logs: Mismatched Process Details

Kiran George 0 Reputation points
2024-07-20T07:59:58.0733333+00:00

I have been reviewing Windows Defender raw logs and have noticed some discrepancies in the log data. I would appreciate any insights or explanations regarding the issues I have encountered.

Details:

Case 1:

The log snippet below shows duplicated fields with conflicting values for InitiatingProcessVersionInfoInternalFileName, InitiatingProcessVersionInfoOriginalFileName, and InitiatingProcessFolderPath:

```
"InitiatingProcessFileName": "svchost.exe",
"InitiatingProcessFileSize": 55320,
"InitiatingProcessVersionInfoCompanyName": "Microsoft Corporation",
"InitiatingProcessVersionInfoProductName": "Microsoft\u00ae Windows\u00ae Operating System",
"InitiatingProcessVersionInfoProductVersion": "10.0.19041.1806",
"InitiatingProcessVersionInfoInternalFileName": "svchost.exe",
"InitiatingProcessVersionInfoOriginalFileName": "svchost.exe",
"InitiatingProcessVersionInfoFileDescription": "Host Process for Windows Services",
"InitiatingProcessCommandLine": "svchost.exe -k netsvcs -p -s gpsvc",
"InitiatingProcessFolderPath": "c:\windows\system32\svchost.exe",
"InitiatingProcessParentFileName": "services.exe",
"InitiatingProcessIntegrityLevel": "System",
"InitiatingProcessTokenElevation": "TokenElevationTypeDefault",
"AppGuardContainerId": "",
"InitiatingProcessSessionId": 0,
"IsInitiatingProcessRemoteSession": 0,
"InitiatingProcessRemoteSessionDeviceName": "",
"InitiatingProcessRemoteSesnyName": "Microsoft Corporation",
"InitiatingProcessVersionInfoProductName": "Microsoft\u00ae Windows\u00ae Operating System",
"InitiatingProcessVersionInfoProductVersion": "10.0.19645.1121",
"InitiatingProcessVersionInfoInternalFileName": "CompatTelRunner.exe",
"InitiatingProcessVersionInfoOriginalFileName": "CompatTelRunner.exe",
"InitiatingProcessVersionInfoFileDescription": "Microsoft Compatibility Telemetry",
"InitiatingProcessCommandLine": ""compattelrunner.exe" -maintenance",
"InitiatingProcessFolderPath": "c:\windows\system32\compattelrunner.exe"
```

Case 2:

In the following log snippet, the InitiatingProcessFileName is powershell.exe, but the InitiatingProcessFolderPath corresponds to cdf.exe, not the expected PowerShell executable path:

```
"InitiatingProcessFileName": "powershell.exe",
"InitiatingProcessFileSize": 450560,
"InitiatingProcessVersionInfoCompanyName": "Microsoft Corporation",
"InitiatingProcessVersionInfoProductName": "Microsoft\u00ae Windows\u00ae Operating System",
"InitiatingProcessVersionInfoProductVersion": "10.0.22621.3085",
"InitiatingProcessVersionInfoInternalFileName": "POWERSHELL",
"InitiatingProcessVersionInfoOriginalFileName": "PowerShell.EXE",
"InitiatingProcessVersionInfoFileDescription": "Windows PowerShell",
"InitiatingProcessFolderPath": "c:\program files (x86)\honeywell\uniformance\process studio\cdf.exe"
```

Similar discrepancies have been observed with various other processes as well. What could be causing these discrepancies in the log data?

Are these discrepancies indicative of any potential issues or misconfigurations in the Windows Defender logging mechanism? Any guidance or recommendations to address these issues would be greatly appreciated.
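A consistency check over records like the ones quoted above, added here as an example (it is not part of the question and not Microsoft tooling). It parses each JSON record while keeping repeated keys, since plain `json.loads` silently keeps only the last value and so hides the Case 1 pattern, and it flags a FolderPath whose basename disagrees with InitiatingProcessFileName, the Case 2 pattern. The sample records are constructed to mirror the quoted field names and assume flat, valid-JSON records.

```python
import json
import ntpath

# Constructed sample records (not the poster's raw logs) modelled on the
# fields quoted in the question. A is consistent; B has a FolderPath that
# disagrees with FileName (Case 2); C repeats keys with conflicting values (Case 1).
SAMPLE_A = r'''{"InitiatingProcessFileName": "svchost.exe",
 "InitiatingProcessVersionInfoOriginalFileName": "svchost.exe",
 "InitiatingProcessFolderPath": "c:\\windows\\system32\\svchost.exe"}'''
SAMPLE_B = r'''{"InitiatingProcessFileName": "powershell.exe",
 "InitiatingProcessVersionInfoOriginalFileName": "PowerShell.EXE",
 "InitiatingProcessFolderPath": "c:\\program files (x86)\\vendor\\cdf.exe"}'''
SAMPLE_C = r'''{"InitiatingProcessFileName": "svchost.exe",
 "InitiatingProcessFolderPath": "c:\\windows\\system32\\svchost.exe",
 "InitiatingProcessFileName": "compattelrunner.exe",
 "InitiatingProcessFolderPath": "c:\\windows\\system32\\compattelrunner.exe"}'''


def parse_keeping_duplicates(raw):
    """Parse one flat JSON record; return (merged_dict, {key: [all values]})."""
    seen = {}

    def hook(pairs):  # called with every (key, value) pair, repeats included
        for key, value in pairs:
            seen.setdefault(key, []).append(value)
        return dict(pairs)  # same last-value-wins result as plain json.loads

    merged = json.loads(raw, object_pairs_hook=hook)
    return merged, {k: v for k, v in seen.items() if len(v) > 1}


def check_record(raw):
    """Return a list of human-readable findings for one raw JSON record."""
    record, duplicates = parse_keeping_duplicates(raw)
    findings = [f"duplicate key {k} with conflicting values {v}"
                for k, v in duplicates.items() if len(set(map(str, v))) > 1]
    name = record.get("InitiatingProcessFileName", "")
    path = record.get("InitiatingProcessFolderPath", "")
    original = record.get("InitiatingProcessVersionInfoOriginalFileName", "")
    # ntpath splits on Windows separators regardless of the host OS
    if path and ntpath.basename(path).lower() != name.lower():
        findings.append(f"FolderPath basename {ntpath.basename(path)!r} != FileName {name!r}")
    if original and original.lower() != name.lower():
        findings.append(f"OriginalFileName {original!r} != FileName {name!r}")
    return findings


if __name__ == "__main__":
    for label, raw in (("A", SAMPLE_A), ("B", SAMPLE_B), ("C", SAMPLE_C)):
        print(label, check_record(raw) or "consistent")
```

Records that trip either check are worth quarantining from detection logic until the source of the mismatch is understood, since a rule keyed on InitiatingProcessFileName alone would attribute the event to the wrong binary.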
