Hello minli and all other followers of this thread,
Good news- the investigation is now complete. This detection has been confirmed to be a False Positive and has been corrected. Run LiveUpdate to receive PTP/SONAR/BASH definitions with the version May 02, 2017 rev: 01 (20170502.001) in order to avoid this FP.
Please do update this thread with confirmation that this has resolved the detections for you!