I had a similar problem ages ago - the simplest solution is to have multiple IP addresses on your server and, when a problem arises and you are sure nothing bad is going on, simply ask the data centre to swap to an alternative IP and presto, you are clear again.
By the time the problem arises again (and it will), the old IP will be clean again, so swap back.
My data centre seems pretty happy with doing this.
I swapped to Windows Defender/Firewall and MBAM - and a dose of common sense. Been using it for years without problem and (famous last words) been safe.