Hi Everybody,
Thanks for your quick reply.
All the .DLL files I'm trying to exclude are false positive.
My problem is a same dll can be located in many different sub folders in c:\users\....
In the risk log, they are seen as:
"Status": infected
"logged by" : Defwatch scan or shceduled scan
and SEPM forces the server to reboot everyday because of that :-(