PoC bypass Auto-Sandbox CIS

CIS no longer detects shellcode injections from buffer overflow exploits; that setting is only used to add exclusions for applications that you don't want CIS to load guard.dll into.

When guard32/guard64 is not loaded into an application, HIPS and containment effectiveness is reduced for that application. For instance, if you add a keylogger to the shellcode injection exclusions, you won't get "direct keyboard access" HIPS alerts to block keylogging attempts.

Regarding the PoC, it doesn't matter whether the guard DLL is loaded into the executable, because CIS does not monitor access to the Service Control Manager by default.

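A practical follow-up to the post above: since HIPS and containment coverage depends on whether guard32.dll/guard64.dll is actually injected into a process, it is worth checking which running processes have it loaded. The script below is an added example, not code from the post or from Comodo; it assumes it runs in an elevated PowerShell session on a host with CIS installed, and it reports processes whose module list cannot be read (protected processes, other sessions, 32-bit/64-bit mismatches) as "access denied" rather than guessing.

```powershell
# Added example (not from the original post): list which running processes do
# and do not have Comodo's guard32.dll / guard64.dll injected. Processes without
# it are the ones the post describes as getting reduced HIPS/containment coverage.
# Assumptions: elevated session on a CIS host. Enumerating another process's
# modules can fail (protected process, other session, bitness mismatch), and
# those cases are reported as "access denied", not as "NOT loaded".

$pattern = '^guard(32|64)\.dll$'

$results = foreach ($p in Get-Process) {
    try {
        $mods = $p.Modules | Where-Object { $_.ModuleName -match $pattern }
        [pscustomobject]@{
            Pid      = $p.Id
            Name     = $p.ProcessName
            GuardDll = if ($mods) { ($mods | Select-Object -First 1).ModuleName } else { '' }
            Status   = if ($mods) { 'loaded' } else { 'NOT loaded' }
        }
    } catch {
        # Module enumeration failed; do not assume anything about guard injection.
        [pscustomobject]@{
            Pid      = $p.Id
            Name     = $p.ProcessName
            GuardDll = ''
            Status   = 'access denied'
        }
    }
}

# Full table, grouped so the unprotected and unreadable processes stand out.
$results | Sort-Object Status, Name | Format-Table -AutoSize

# Single-process check, e.g. for a process you suspect was added to the
# shellcode injection exclusions (process name is an illustrative placeholder):
$results | Where-Object { $_.Name -eq 'notepad' }
```

Run it once with a known-protected application (a browser that CIS normally instruments) and once with an application you have excluded from shellcode injection detection; the excluded one should show "NOT loaded", which is the condition under which the post says HIPS keylogging alerts stop appearing for it. Because a 64-bit PowerShell host may not be able to read the module list of every 32-bit process, treat "access denied" entries as unknown and re-check them from a 32-bit host or with a tool such as Process Explorer.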