If windows update uses the http protocol then the web shield I guess would scan the http traffic and newly created files (even temp ones) would be scanned by the file system shield.

If there are only two options Ignore or Delete then I would say that this is the anti-rootkit scan 8 minutes after boot. Generally the Ignore one is only recommended if it is s Suspicious not confirmed rootkit detection. Delete is there for a positive detection, but personally I never consider deletion to be a good first option, you have none left. So first do no harm and investigation are always the first steps

Unfortunately your question is too general to give a specific answer.

(I don’t believe any of the