as ACL blocks it only outbound, means that client will be able to get to the server and, if above description is correct, server will be able to get back to client.
Honestly, we are shooting a fly with a bazooka, but if GPO
are loose enough not to block SMBv1
, then this might be very quick remedy to prevent worm from excessive spread. Not saying it is perfect though...
I cannot speak officially so for confirmation I strongly advise you to contact Microsoft support to get this correctly answered.