Vulnerability scanners are looking for specific binaries and version numbers on devices. Microsoft Defender files are still on disk even when disabled. Microsoft typically releases an update for the Microsoft Malware Protection Engine once a month or as needed to protect against new threats. The default configuration in Microsoft antimalware software helps ensure that malware definitions are kept up to date automatically. For affected software, the affected software provides built-in mechanisms for the automatic detection and deployment of this update. For these customers, the update will be applied within 48 hours of its availability.”]
Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31985