I am running Defender on a multisite setup and I am wondering why Defender gives inconsistent warnings in the mails it sends out. For some of my sites it flags wordfence-waf.php as a non wordpress core file (technically correct, but still an annoyance, as it#s legit) + a warning for an "insecure function" in wordfence-class.php (probably the base64_decode).
For other subsites there only is the warning about wordfence-waf.php, and for my main site the mail comes back with congratulation, no issues found. Which is kind of odd, as all these messages are referring to the same multisite install - something I would not expect from a company who calls itself "the multisite" experts.
From my point of view the ideal solution would be to get only one email in case of a multisite install, because all the files are shared anyway and it is a real annoyance to sift through 100+ emails every day that come from the different sub sites of my multisite install.