I don't think the acsocktool.exe would have nothing to do with SAML authentication which is the focus of CVE-2024-20337. It seems as though Windows Defender is simply looking at the version numbers and determining a vulnerability.
If an AlwaysOn profile is present in the client profiles directory all other profiles will be deleted. It is not possible and not supported to have multiple profiles installed when an AlwaysOn profile is present.
I noticed that we have recently updated the release notes that the IGTK workaround would only apply to networks configured for 802.1x, and NOT PSK. You might be hitting a new issue (CSCwj50019) where when selecting the network from the NAM scanlist ...