You may have received an Exchange report from us. These reports are valid and likely not false positives.
UPDATE 8/24: Our researchers are finding hidden webshells on some endpoints, and we are sending out reports even where the latest patches are applied. Remember that the patches prevent or remove new webshells dropped on a machine. They do not prevent an existing webshell from being executed.
New vulnerabilities were identified after the "ProxyLogon" vulnerabilities, and they require a more recent patch:
15.01.2176.014+ for Exchange 2019 and
15.01.2242.010+ for Exchange 2016.
More information here: Exchange Report - ProxyShell