I second this feedback. In addition to the "GCService" and "MMAExtensionHeartbeatService" that John mentioned, I'm also seeing this recommendation for "vmGuestHealthAgent" and "HybridWorkerService" as well. Both of these additions also reside in "C:\Packages." Does the security recommendation *actually* intend that I change the executable path for Microsoft services??