Does anyone know why this started out of the blue? It seems like a commonality between multiple different threads on the Internet regarding this is that these files started on or shortly after 4/28. We control our updates via WSUS and haven't run any updates for at least a week prior to this hitting us. I'd understand if as soon as we updated to 1.1.18100.5 that it started generating these files but that's not the case. It just seems strange that the affected servers start generating these files on 4/28 and other servers seem to be fine. I'd say there's some kind of trigger for this time bomb but it seems unlikely that the trigger was pulled for multiple but not all of the servers at the same time.
Here are some other threads talking about this issue:
https://community.spiceworks.com/topic/2316398-windows-defender-filling-disk-with-thousands-of-files?utm_campaign=item&utm_medium=rss&utm_source=global
https://learn.microsoft.com/en-us/answers/questions/378578/windows-defender-creating-thousands-of-files.html?page=2&pageSize=10&sort=oldest
https://www.reddit.com/r/sysadmin/comments/n0q8pc/help_windows_defender_real_time_protection/