You have integrated Endpoint Encryption Removable Media Encryption (SEE-RME) and Data Loss Prevention (DLP) using FlexResponse and have a DLP rule that allows certain users to copy files to removable media without encryption.
However, when *.exe files are copied to removable media, they are still encrypted.
Upgrade to Endpoint Encryption 11.3 MP1 or above. In release 11.3 MP1 and above, executable files are encrypted according to DLP policy rules rather than always being encrypted.
If you cannot upgrade, to workaround this issue, create a new Removable Media Encryption policy that excludes *.exe files from being encrypted and apply this policy to the affected endpoints.