Malware or not? Dispute with protection provider

Hi to the ultimate support team :wink:

I am struggling with my Antivirus/Malware protection provider Siteguard, wether the following files are malware or not:

/wp-content/plugins/popover/views/meta-customcss.php
/wp-content/plugins/wordpress-chat/wordpress-chat.php

Maybe the files themselves are not bad from their core, but simply got infected by a hack attack, but that is annoying enough since i expect siteguarding to protect my website from this. Or do I have wrong expectations?

My site is hardened with a brute force attack protection, WP Security, running the siteguard service and so on, but attacks seem to happen successfully very week. It gives me a strange feeling, paying for a mediocre service, that does not protect my website. Should i switch to another provider like sucuri, wordfence? Your advice is really appreciated.

have a nice sunday, cheers,
Sebastian.