Thanks all for the additional comments/information. I certainly hope someone from the Microsoft team can look into this and offer some explanation or ideas to resolve.
Some additional information that I learned since posting this question originally.
In our cases, the alert was being triggered and execution blocked due to the customers executing ProcessExplorer with elevated privilege (aka "as admin/system"). In this case the driver is loaded with same so is flagged because the driver "could be used by a threat actor to cause harm". Seems when the application is run normally, the issue is not the same as access to manipulate the system via the driver privileges is not available.