Good Day !
Why would a PHP.ini file be considered a unknown file ?
This file was created during the install of WordPress . This site is being hosted by 1and1.com 1and1 generally starts WordPress hosted sites I believe by taking over management of said site until you relinquish this from them.
This is a very new install and I haven't added any real content to it, so why in the world are their so many security issues with a brand new site that only has WordPress and a few plugins and themes as content. This to me is a bit puzzling unless the security issues are related to the host and or server. This particular site is on shared hosting , I do have a VPS server with them as well.
Would Defender be instructing that the PHP.ini file should be removed ?