Support

Are you using any third party service other than Sucuri on your site?

First, please make sure your site's database and database table name prefix are not used by a different site on your user account or server. If you have two or more sites sharing the same database tables, Admin Tools will constantly see changes in critical files since the files between the two different sites are not identical.

If this is not the case, you can reset Admin Tools' cache of critical files information. Go to the Admin Tools, Web Application Firewall, Configure WAF page and set "Monitor Critical Files" to No. Click on Save. Now set "Monitor Critical Files" back to Yes. Click on Save & Close. You may receive one more email, and Admin Tools will now update its information about your critical files.

If this does not help, do keep in mind that what you described means that there is something rewriting your configuration.php file every time you receive this email. Assuming it is not you (or another Super User on the site) saving the Global Configuration, it must be either a Joomla extension, or a third party script running on your site. 

In this case I would like you to open your configuration.php file. If you see a line starting with public $execution it's definitely caused by a third party service. The hint is that Joomla itself does not have such an option in Global Configuration, but we've seen a certain third party service overwrite the configuration.php file of some sites, adding this line. Think about all services you use, even those you do not think should be writing anything to your site. I am not allowed to tell you which one because certain shoddy companies resorted to legal threats instead of fixing what we exposed is broken. That's the crazy world we live in.