As others have suggested, too, this seems to happen fairly often. I know of at least three cases of this in our organization, in both, WebStorm and AndroidStudio.
Interestingly enough, I’ve been using the SonarLint plugin for AndroidStudio for a few months without any issues, but this morning it was my turn.
Hello, welcome to the community! And thank you for reporting this issue.
As far as I can tell, the rules.pb file is created/updated when rules and quality profiles are synchronized with a server through connected mode.
Since this is a raw binary protobuf stream, the generated file sometimes matches a signature used by anti-virus software - and yes this is a big pain in the back especially since it depends on whatever is configured on server side.
Would it be possible for you to attach the offending file to a post in this thread?
In the meantime and if this is possible to you, I suggest that you configure an exclusion for the AndroidStudio4.1\sonarlint folder in Windows Defender.