Spring4shell vulnerability and use of spring-beans...jar

Our users are reporting their antivirus software catching …\elasticsearch\plugins\opendistro_sql\spring-beans-5.2.5.RELEASE.jar as a security threat related to the spring4shell security vulnerability.

The users are not vulnerable as we are not running a servlet container or WAR deployed in Tomcat.
How can I see what is using the spring-beans…jar file?
Ideally I could just delete it if it’s not being used by Elasticsearch.