Hi,
Thank you for the report.
We can confirm this is a false positive from Imunify360. The file default.php in Helix Ultimate is part of the original and legitimate source code and does not contain any malicious content.
This detection has been reported by other users as well and is related to the security scanner’s signature pattern rather than any real threat.
As a temporary workaround, please stop scanning or exclude this file from Imunify360 until we have contacted them and clarified the issue, or apply an exclusion rule for this specific file to prevent it from being removed or zeroed out.
We appreciate your understanding and will update you once we have more information.
Thanks