On sites that I install Defender and run a scan, Defender always reports at least two "unknown files" named error_log. I've turned on support for a fresh install with Defender so you can see. I'm never able to get a clean report from Defender because of this, if I "fix" the issue by deleting the error_log files they just come back.
That install uses the Divi theme (latest version) with a child theme and Defender is reporting stangley that Divi has a security issue and it's fixed in a much earlier version of Divi?
Vulnerability type: PRIVESC
This bug has been fixed in version: 2.6.4