Sorry for the very late reply on your post. I hope the informaiton below helps.
I have not seen CryptoLocker run under svchost.exe to encrypt the files. Every time I've had to collect samples they have been random files usually in the same location. Its probably okay to exclude svchost.exe from the rule you have in place.
Tier II MSTEG
Thanks for the info Kyle, I appreciate it!