WEM 2302 get's detected by MS Defender Exploit Guard. MS Defender Exploit Guard has blocked an operation that is not allowed by your IT administrator. For more information please contact your IT administrator. User: NT AUTHORITY\SYSTEM Path: C:\Program Files (x86)\Citrix\Workspace Environment Management Agent\Citrix.Wem.Agent.Service.exe Process Name: C:\Windows\System32\lsass.exe Target Commandline: "C:\Program Files (x86)\Citrix\Workspace Environment Management Agent\Citrix.Wem.Agent.Service.exe"