The following PolicyPak registry value’ data may be flagged as suspicious encoded content.
Location: HKEY_CURRENT_USER\S-1-5-21-...\Software\Policies\PolicyPak\{26E3A6CB-3C62-47B7-960D-7662766E4C6A}\Name-of-the-AppSet\
Value: (XmlReport)
We have reports that it is reported under Microsoft Defender’s category MITRE ATT&CK Techniques, and suspicious activity classified as T1001:Data Obfuscation.
The data in this reg value is in base64 encoding format and it's responsible to store information for XML reporting purposes. Its classification as a high severity issue can be ignored.
More information about T1001:Data Obfuscation is at this link: https://attack.mitre.org/techniques/T1001/