Critical System Protection

  • 1.  DC FIM IDS Policy

    Posted May 10, 2012 01:18 PM

    I'm trying to do a file monitoring policy on a domain controller and I'm getting flooded with c:\windows\system32\*.dll events. How do you tune these out, and is there a more specific policy for domain controllers?



  • 2.  RE: DC FIM IDS Policy

    Posted May 16, 2012 01:17 PM

    cb,

    I'm using the Windows_Baseline_Detection policy from 5.2.8mp3. Within it, there are a number of ways to suppress or omit detection events for system32\*.dll.
    Just keep in mind that if you are becoming compliant with a 3rd-party standard, you may still need to record the items but not send alerts for them. If it's for internal FIM, then exceptions for specific items like DLLs may be the way to go.

    Options:

    1. Remove the item from the policy. (In the Windows_Baseline_Detection policy) it's under Windows Baseline Detection Options --> System File and Directory Monitoring --> System Filewatch Monitor --> Monitor System Critical Files --> Core System Files --> List of Core System Files.
    *Note: there may be other items that come up depending on OS and path; just check the description path in the detection event details.

    2. Use the event wizard from the console to tune out detection of the specific instances of DLLs that come into the console and are known to be business as usual. Open the event and click on the wand to launch the event wizard UI.

    3. Use the ignore string to omit the specific DLLs that are showing up repeatedly (same location as in #1).

    Overall, there is going to be a lot of tuning when performing FIM logging on a DC. It may be a better practice to record the event and then set up an alert for the items that are more actionable, i.e., ntkernel.dll is deleted.
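The "record everything, alert only on actionable items" approach from reply #2, as an added example that is not part of this thread or of the CSP product: a small Python triage that applies an ignore string to repetitive system32 DLL modifications while still recording them, and alerts on file creations, deletions of core system files, and changes to the AD database. The event line format, the ignore pattern and the file lists are constructed assumptions, not CSP's own.

```python
"""Record-everything / alert-on-actionable triage for FIM events.

Added example, not Symantec CSP code. The event format below is constructed
("<timestamp>|<operation>|<path>"), and the patterns and lists are assumptions.
"""
import fnmatch
from dataclasses import dataclass

# Constructed sample FIM events from a domain controller (not real CSP output).
SAMPLE_EVENTS = [
    "2012-05-10T13:18:02|MODIFY|C:\\Windows\\System32\\kernel32.dll",
    "2012-05-10T13:18:03|MODIFY|C:\\Windows\\System32\\ntdll.dll",
    "2012-05-10T13:18:09|CREATE|C:\\Windows\\System32\\newfile.dll",
    "2012-05-10T13:20:41|DELETE|C:\\Windows\\System32\\ntkernel.dll",
    "2012-05-10T13:21:00|MODIFY|C:\\Windows\\NTDS\\ntds.dit",
]

# Ignore string equivalent (assumed): suppress alerts for business-as-usual DLL churn,
# but only for modifications. Creations and deletions in system32 keep alerting.
IGNORE_PATTERNS = ["c:\\windows\\system32\\*.dll"]
IGNORED_OPERATIONS = {"MODIFY"}

# Core system files (assumed list) whose deletion is always actionable.
CORE_SYSTEM_FILES = {"c:\\windows\\system32\\ntkernel.dll"}


@dataclass
class Event:
    timestamp: str
    operation: str
    path: str


def parse_event(line: str) -> Event:
    ts, op, path = line.split("|", 2)
    return Event(ts, op.upper(), path.lower())  # NTFS paths compare case-insensitively


def is_ignored(event: Event) -> bool:
    """True when the event is noise to record but not alert on."""
    if event.operation not in IGNORED_OPERATIONS:
        return False
    return any(fnmatch.fnmatchcase(event.path, p) for p in IGNORE_PATTERNS)


def triage(lines):
    """Return (recorded, alerts): every event is recorded, only actionable ones alert."""
    recorded, alerts = [], []
    for line in lines:
        ev = parse_event(line)
        recorded.append(ev)  # compliance trail keeps everything
        core_deleted = ev.operation == "DELETE" and ev.path in CORE_SYSTEM_FILES
        if core_deleted or not is_ignored(ev):
            alerts.append(ev)
    return recorded, alerts
```

On the constructed sample, all five events are recorded but only the DLL creation, the core file deletion and the ntds.dit change raise alerts; the two routine DLL modifications are suppressed.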