Unfortunately, this isn't a Fiddler question, per-se. When it attaches as the system proxy, Fiddler asks the system to change the proxy settings to point to 127.0.0.1:8888 (where Fiddler listens). That request is sent to WinINET, the network stack that is used by Internet Explorer. It sounds like something is different between WinINET for IE9 and WinINET for IE11 such that the latter does something in such a way that your security software is unhappy.
If Fiddler says it is running elevated, that means that either you are actually an administrator on your system, or your IT Admins have introduced some hackery whereby Fiddler runs elevated in some other user account.
For what it's worth, if you're using Chrome or Firefox as your client, you can make either point to Fiddler without
changing the system's proxy settings as a whole.
Do you want to have your say when we set our development plans?
Do you want to know when a feature you care about is added or when a bug fixed?
Telerik Feedback Portal
and vote to affect the priority of the items