We are looking into this issue now, Are there any steps you could provide to help us replicate this issue?
just to add have also seen these logged events when ASR rule to block credential stealing is enabled. but I dont really care as reflect still works.
step1 - enable the blocking of credential stealing in micorosft defender ASR rules using powershell/reg or 3rd party util
step 2 check logs
e.g Event 46 ID: 1121 - 6/12/2022 8:42:14 PM
Message: Microsoft Defender Exploit Guard has blocked an operation that is not allowed by your IT administrator.
For more information please contact your IT administrator.
Detection time: 2022-06-12T19:42:14.905Z
User: NT AUTHORITY\SYSTEM
Process Name: C:\Program Files\Macrium\Common\MacriumService.exe
Inheritance Flags: 0x00000000
Security intelligence Version: 1.367.1460.0
Engine Version: 1.1.19200.6
Product Version: 4.18.2203.5