Your comments

We've been seeing something similar with DLL files being blocked. We have Defender for Endpoint P2 licensing with ASR rules in place and we're finding that the rule for Block executable files from running unless they meet a prevalence, age, or trusted list criterion is blocking updates on our technicians' workstations. We've added exclusions based on digital signatures for the executables, but the DLL files are also getting blocked and are not digitally signed. 

It's become a royal PITA every time an update is rolled out.