I suspect the issue is with 6015. It seems to fire on a lot of Microsoft processes: outlook.exe, communicator.exe, etc., with the advanced parameter of clr.dll and a few others that I can't recall off the top of my head.
I would not block 6015, but rather set it to informational, and log. It seems to create a bunch of noise. I think they attempted to fix it in one recent content update, but for us it continues to generate false positive data.
FYI, Signature 6015 is a generic signature that provides enhanced "Suspicious Function Invocation". It can generate more false positives than other signatures, but this is by design of these signatures (432, 6012, 6015, etc.). Content updates are made to them, as needed, but like other signatures and events, tuning them to your environment is still required.
KB59683 - Host Intrusion Prevention 7.0 Content Analysis: IPS Signature 432 - Suspicious Function Invocation