Moved to ePO for faster response.
Any Access Protection logs from the last couple days that would indicate a problem applying that setting?
As you are pushing this rule out by Group Policy maybe your protection suite is detecting the change and thinks it's a malware threat?
Can you add the location as an exception? https://kc.mcafee.com/corporate/index?page=content&id=KB50998
I presume that where the image is located is a globally accessible location?
Hope this helps.