Hello,php being deleted by Wordfence?

Is Wordfence deleting hello.php? When I enter the plugin page on several of my websites I’m getting an alert box telling me that hello.php has been deleted. I’m guessing that this is being done either by the Wordfence plugin or by Siteground (hosting service). I’ve deleted the Hello Dolly plugin in response as it was just a bit of fluff but I wonder why Wordfence (or Siteground) are detecting this php script as malware. Is Wordfence (or Siteground) being overzealous in trying to protect my sites? I realise that hello.php is probably a popular infection point but would expect that you would run a “checksum” and only “delete” it if the checksum doesn’t conform to the plugin library checksum. Someone needs to “please explain”.