Wednesday, February 22, 2017

Audit File System in Server 2012 R2 and Event 4656

When I recently enabled file system auditing on a Windows Server 2012 R2 I was overwhelmed by the volume of events generated. I'm talking >4 GB/day in some instances! When I manually inspected the security event logs it appeared to me that the majority of the events generated were event ID 4656. According to all of the documentation I can find, this event should only be logged if the Audit Handle Manipulation subcategory of Object Access auditing is enabled. In my case I hadn't enabled it! Even the official MS documentation doesn't mention that event.

When searching for info I came across this comment at the bottom of a serverfault post:
Currently, under Server 2012 R2, event 4656 will be generated even if the Handle Manipulation category is disabled. In our case, we have enabled the Audit File System category, which was only generating 4660-4663 events on previous Server versions (2008-2008R2-2012), but on Server 2012 R2 this initiates an overwhelming flow of 4656 events. The issue has been reported to Microsoft, however there is no resolution yet.
I've yet to come across any official discussion of this, but it certainly corresponds with my experience. This thread was from June 2016, with a follow-up comment in January 2017. Is this an undocumented feature? A bug?

Luckily for me I'm using Splunk to ingest these logs so I was simply able to add:
blacklist1=EventCode="4656"
in the [WinEventLog://Security] stanza of C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_windows\local\inputs.conf in order to filter it out. YMMV!
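Before blacklisting anything at the forwarder, it is worth confirming on the server itself that 4656 really is the bulk of the volume and that the Handle Manipulation subcategory really is off. This PowerShell snippet is an added example (not from the post above); it samples the Security log for the last hour, breaks the Object Access events down by ID, projects the 4656 rate to a daily figure, and prints the two audit subcategories involved. It assumes it is run from an elevated prompt, which reading the Security log requires.

```powershell
# Added example: quantify event 4656 in the Security log and show the audit
# policy that, per the documentation, should control it. Run as Administrator.
param(
    [int]$Hours = 1   # size of the sample window; 1 hour is usually enough
)

$since = (Get-Date).AddHours(-$Hours)

# Only the Object Access events discussed in the post: 4656 and 4660-4663.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4656, 4660, 4661, 4662, 4663
    StartTime = $since
} -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Host "No Object Access events found since $since."
} else {
    $total = @($events).Count
    Write-Host ("Object Access events since {0}: {1}" -f $since, $total)
    Write-Host ('{0,6}  {1,8}  {2,6}' -f 'ID', 'Count', 'Share')

    # Share of each event ID in the sample.
    $events |
        Group-Object -Property Id |
        Sort-Object -Property Count -Descending |
        ForEach-Object {
            $pct = [math]::Round(100 * $_.Count / $total, 1)
            '{0,6}  {1,8}  {2,5}%' -f $_.Name, $_.Count, $pct
        }

    # Rough daily projection for 4656 alone, assuming the sampled window is typical.
    $n4656 = @($events | Where-Object { $_.Id -eq 4656 }).Count
    Write-Host ("Event 4656: {0} in {1}h  ->  ~{2} per day" -f `
        $n4656, $Hours, [int]($n4656 * 24 / $Hours))
}

# The subcategory the documentation ties 4656 to, and the one actually enabled.
# On 2012 R2 the post observes 4656 flowing even when the first reports "No Auditing".
auditpol.exe /get /subcategory:"Handle Manipulation"
auditpol.exe /get /subcategory:"File System"
```

If 4656 dominates while Handle Manipulation shows "No Auditing", the Splunk blacklist above is filtering exactly the events the post describes, and the 4660-4663 events you actually wanted keep flowing.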