So this sounds like the reputation of the exe (kix.net.exe in this case) was classified by McAfee ATP as "unknown". And apparently McAfee ATP in your environment is configured to treat those type of detections as suspicious/malicious and block them.

This is a common issue with dynamic application control solutions (such as McAfee ATP or Windows DAC) and applications that aren't used as much in the wide world (application reputation is based (amongst other things) on global usage metrics).

The way around is to configure the dac-solution to exclude the exe. If the exe is signed, you can use the signing cert for that. If not (as for example kix32...), you can use the hash.

For McAfee (or Trellix...) this is documented here: https://docs.trellix.com/bundle/endpoint...73E65B359C.html

Let me know if this helps.