
Security issue - Why is pswindowsupdate.dll process consistently running in background? #44

Open
sniperdoc opened this issue Nov 19, 2024 · 3 comments


@sniperdoc

It appears to be periodically running. I thought this was a manual tool for sysadmins to use? Not something that runs periodically in the background.

```text
Policy Matched: Default - Servers
Organization Name: xxxxxxx
Hostname: xxxxxxxx
Username: xxxxxxxxxx
Full Path: c:\program files\windowspowershell\modules\pswindowsupdate\2.2.1.5\pswindowsupdate.dll
Process Path: c:\windows\system32\windowspowershell\v1.0\powershell.exe
Created By Process: ["c:\windows\system32\windowspowershell\v1.0\powershell.exe"]
Hash: E5E1F9C5C90835B4781BCA3C885A929A
SHA256Hash: A82AD86FB4C59748F474151BCA43EADABA86A64DF252DED768FCF6219E2B8A6A
Certificate: cn=powerclouds michal gajda, o=powerclouds michal gajda, l=warszawa, c=pl
Action Type: execute
Effective Action: Denied
```

@sniperdoc
Author

Seems system\perflog is triggering it when we're running performance monitors. Don't understand why.

@jzavcer

jzavcer commented Nov 25, 2024

Are you sure there isn't some kind of scheduled task running on the system or remote Ansible job that might be doing a check-in process?

@sniperdoc
Author

> Are you sure there isn't some kind of scheduled task running on the system or remote Ansible job that might be doing a check-in process?

There are perflog processes running to monitor processor and memory usage on one particular server. I'm assuming that this means that the DLL is just automatically loaded and running at all times, even though not actively in use by an admin via PowerShell console? The reason I ask is because it's only two servers that ThreatLocker was flagging the process on. The other 16 I've used this on, never a peep? Just want to be sure that it's normal operation. I've already added the process in TL, but it never hurts to be sure.
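One way to check jzavcer's scheduled-task suggestion and to see which account is actually loading the module, as an added example that is not part of this thread or of the PSWindowsUpdate project. It assumes an elevated session on the flagged server and that PowerShell script block logging (event 4104 in the PowerShell Operational log) is enabled; the task scan works regardless.

```powershell
# Added example (not from this thread): find what is invoking PSWindowsUpdate
# outside an interactive admin session on the server that ThreatLocker flagged.
# Assumption: script block logging (event ID 4104) is enabled; without it the
# second query simply returns nothing and only the scheduled-task scan applies.

$pattern = 'PSWindowsUpdate|Get-WindowsUpdate|Install-WindowsUpdate|Get-WUList'

# 1. Scheduled tasks whose action launches powershell.exe with arguments that
#    reference the module or its cmdlets, with the account the task runs as.
$tasks = Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        $cmd = "$($action.Execute) $($action.Arguments)"
        if ($cmd -match 'powershell' -and $cmd -match $pattern) {
            [pscustomobject]@{
                Source  = 'ScheduledTask'
                When    = "$($task.TaskPath)$($task.TaskName)"
                Account = $task.Principal.UserId
                Command = $cmd
            }
        }
    }
}

# 2. Script block log: every script block in the last 7 days that imported or
#    used the module, with the SID of the account that ran it. A non-admin SID
#    here points at a service, monitor, or remote job rather than a console.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-PowerShell/Operational'
    Id        = 4104
    StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $pattern } |
    ForEach-Object {
        [pscustomobject]@{
            Source  = 'ScriptBlockLog'
            When    = $_.TimeCreated
            Account = $_.UserId          # SecurityIdentifier of the caller
            Command = (($_.Message -split "`n")[0..2] -join ' ').Trim()
        }
    }

# Wrap both in @() so the concatenation works even when one side is empty.
@($tasks) + @($events) | Sort-Object Source, When | Format-Table -AutoSize -Wrap
```

An empty result from both queries means nothing on the box is launching the module on a schedule or via a logged script, which leaves an in-process load by the monitoring tool itself as the remaining explanation to confirm.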
