Based on what I'm hearing here I'm changing the "Action" on my "File System Shield" to "Do Nothing" across the board (at the root of my "Computer Catalog"). Hopefully this setting gets out to client computers quickly. (The last thing I want is for Office apps, Chrome, etc to start breaking). So far this hasn't been user-visible to anybody yet (or, at least, the Helpdesk isn't blowing-up.)