The source code in question appears to have been obfuscated (possibly just for brevity). I'd guess the Defender signature in question was written around the packer/obfuscator.
yeah, that'd be my guess. It's going to be in different representations in the source and the executable but if I was writing a signature for it straight up I'd probably add the C escape representation as well for good measure.
