Endpoint SWAT: Protect the Endpoint Community

  • 1.  Minecraft Trojan.Gen.2 detections

    Posted Jul 10, 2017 11:33 PM

    Hi all.  A few days ago a few of my SEP SBE clients started having this same PNG file get flagged as a High-Risk Incident.  File path details indicate it is stored in a skins subfolder of the Minecraft game, which appears to be a default app in Windows 10.  

    The MD5 hash for this file is 0be59b991ec2295ded49bca7d4af74d2 and details are at virustotal.  According to virustotal it seems only Symantec is flagging this file as bad, as Trojan.Gen.2.  

    But so that searches and whatnot lead to this article, which with any luck will have answers posted by those more knowledgeable than I, the filename and path info: 

    southernsymbolvermillionbird.png

    see:\program files\windowsapps\microsoft.minecraftuwp_1.1.352.0_x64__8wekyb3d8bbwe\data\resource_packs\skins\skinpacks\chinesemythology\southernsymbolvermillionbird.png

    Oddly, only a few systems from a few clients are affected so far, yet all are running Windows 10.  Well, it seems at least one detection was from Auto-Protect, not a disk scan, so that's interesting.  

    Thanks for any input.  

     



  • 2.  RE: Minecraft Trojan.Gen.2 detections
    Best Answer

    Posted Jul 11, 2017 07:39 AM

    There was a thread on this on Spiceworks, same issue:

    https://community.spiceworks.com/topic/2014475-multiple-sep-alerts-for-the-same-file-on-different-computers?from_forum=216

    Looks to be a false positive



  • 3.  RE: Minecraft Trojan.Gen.2 detections

    Posted Jul 17, 2017 11:03 AM

    I'm maybe a bit surprised Symantec hasn't said anything, but then again I have minimal visibility into what they say, I don't even get notices most of the time for responses to forum posts I make on here, let alone new stuff :) Anyway, VirusTotal seems to show it as just Symantec flagging the file.  I'll go ahead and mark your response as the answer.  



  • 4.  RE: Minecraft Trojan.Gen.2 detections

    Posted Jul 17, 2017 11:04 AM

    Seems I have no way to mark your post as an answer.  I'm confused about Symantec's forums sometimes.  I can either Reply or Mark As Offensive.  I figured the former was more polite :)

     

     



  • 5.  RE: Minecraft Trojan.Gen.2 detections

    Posted Jul 17, 2017 11:11 AM

    Email notifications seem to be hit or miss and have been for some time. Not sure what happened there.

    I can see the option to Mark as solution on the posts but no big deal.