Need to exclude file/folders from MsSenseS.exe scanning. Due to this sometimes MS patches getting failed when the patch size is around 1.4 GB and resulting in "Access Denied" in CBS log. Not sure whether others facing the same kind of issue.
Also, Have tried excluding the MsSenses.exe from scanning.. but that didn't worked and i believe that will not work. This is specific with Microsoft Security Center where we did implemented WDATP in MMA Agent of configuring Azure Workspace ID and Proxy. After which the mentioned MsSenseS.exe is getting popped up in process and from proc mon i could see this is frequently been logged (Attached the snippnet). After removing the Azure workspace key, i could able to install the patch successfully with no access denied in CBS logs.