Renaming (and/or) deleting a file using the OS APIs is a closely watched operation by all AV scanners, and especially Windows Defender. This is called a trigger, so I suggest trying the following:
1) Create a new and different file, either in the same directory or in a different path.
2) Choose the name you want; try ".mp3", ".bin", ".dat" ... just test multiple variations.
3) Write the data to the new file, maybe just copy the content from the old file to the new one.
4) Delete the original, and see if this step still triggers the Defender, as it might, NTFS being closely monitored for ownership and permissions.
Please test the above and report here, so we can see if encryption is needed. We also need to know exactly which step is the trigger: it could be writing/renaming in that directory and have nothing to do with the files themselves, which is pretty much the easy one. But again, if you are changing the content of a file you are not supposed to from Defender's point of view, or that file is watched for its content, then it will trigger the Defender, but this is solvable by creating the copy (maybe with encryption) of the content to a different file (with/without a different path), same as above.
And good luck!