Okay, for the purpose of us trying to sort out this shambles, here's today's update from MS Premier Support (we're about a year into trying to figure this out...):
As for the information received by the product group, the root cause for this scenario is the fact that the 3rd-party service is backing up this file, in conjunction with frequent file changes due to captured network traffic going through this file. To mitigate this, they suggest adding a File Filter on this file path in Acronis Cyber Protect backup service. Here's the official documentation: https://www.acronis.com/en-us/support/documentation/AcronisCyberProtect_15/#file-filters.html
The file is located at: "C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTSenseNdrPktmon.etl"
So what they're saying is that EtwRTSenseNdrPktmon.etl is capturing packets and therefore changing continuously. Acronis is backing it up to an external server, therefore creating packets. So there's a cyclical generation of traffic going on.
You'd assume that the big boys would all play nicely together and we could get some actual work done...
I've added that filter now on 2 VMs and will monitor over the next few days.