We have the same problem.
That's why we don't upgrade yet.
Full client isolation is very important and we want it to work.
The manual does not give a very good explanation we think.
You can make whitelists but if we add our DHCP/DNS we also expose our shares (cause the machine is both Active Directory, DHCP, DNS AND FILESERVER)
How do we fix this?