Application Control assistance
I have been reading a lot of the threads referring to application control, but I'm still having a few issues. I have been able to set it up and block all applications, but we have 5 proprietary programs that use other Windows services (i.e. Adobe, the M$ suite, IE7). We have tried running the reports to get a list of the MD5 fingerprints for these applications, but for some reason the proprietary software does not show up in that list, even though it is used daily. I want to somehow block users from downloading and installing games, music software, and other non-authorized software. I'm wondering if someone has compiled a list of blocked or allowed applications that could be imported, and then we could just add our own software to that list. We are running Sep11 MR3.
Comments
I think you should check this
I think you should check this thread out https://www-secure.symantec.com/connect/forums/how.... There are quite a few of the "big" ones on there like uTorrent and iTunes. There is also a great little how-to on the best ways to find the MD5. If there are any others that are not on that list you can post back here and we might be able to find them for you. Also, as a side note, you might want to think about an upgrade in the near future. I have always been one to say "if it isn't broken don't fix it", but our latest edition RU5 supports Windows 7 as well as fixing quite a few other bugs. Just something to consider.
Cheers
Grant
Please don't forget to mark your thread solved with whatever answer helped you : )
Sorry about the double post
Sorry about the double post but I forgot to add one other thing. Someone has already suggested the idea of a global database where users could go to look up the MD5 of various .exe files. You should read it and vote yes for it if you are interested. The link is here https://www-secure.symantec.com/connect/idea/sep-1.... The more positive votes it gets the more likely it will be implemented. I think the one is already In Review, which is a good thing.
Thank you for the quick
Thank you for the quick assistance. I have been trying to pull MD5's from that post prior to posting this. I did go to the other site to put my vote in as well. I agree an update would be nice, but we have no plans at this point to upgrade to Windows 7. But you never know, this could change as the operating system is gaining more ground and has fewer issues.
I thought that was my fix,
I thought that was my fix, but after looking through the MD5 lists I realized it is going to be an administrative nightmare to constantly update and change the MD5's when a program is updated. So now I'm wondering: if I start out with a standard base load with just the programs I want to be allowed on the computer, could I set up the block applications to block *.exe and then, in the "do not apply to", put something like c:\windows\*.exe and c:\program files\*.exe, and would it allow all the subfolders and files in those 2 main directories to run whatever is needed?
You might be able to go this
You might be able to go this route depending on the size of your organization, but what is stopping users from running iTunes.exe from the C:\windows directory? You still have the issue of having to block certain applications and not others. To answer the other question, yes, you can get it to allow subfolders in those two main directories by changing the way you are using your wildcards, but I am still not convinced that this is the route you want to take because it doesn't address your main issue of allowing some programs like Word but not programs like uTorrent. Still an organization nightmare. Maybe I am misunderstanding what you are trying to do here, so if I am please help me understand : )
Thanks
Grant
No Grant your dead on. And
No Grant, you're dead on. And yes, you're right, even if I allowed those folders it would just be a matter of time before someone figured out you can drop an exe or whatever into one of the allowed folders and it would run. But to attempt to counteract that, could it be possible to put in the blocked section the .exe names of certain programs like iTunes, Limewire, the messenger programs? I'm realizing the pitfalls: in trying to make this simple it would not be as effective.
Personally if it were me I
Personally if it were me I would do this:
1. First compile a list of the applications that you ABSOLUTELY MUST block like Limewire, Bittorrent, etc. These programs open you up to security risks and are more serious than iTunes in my opinion.
2. Compile a second list of other programs that you would like to block, like Yahoo Messenger or iTunes, but that might not be as big of a deal if someone figured out how to run them.
3. Block the .exe of all these applications by name so "limewire.exe" would get blocked.
4. Now for your smart users who realize they can just change limewire.exe to limewire2.exe and it would work I would then block only the ABSOLUTE MUST programs by MD5. By using the MD5 on this small subset of programs you only have to keep up with a few of the MD5's.
Really this won't be too bad because most people will not realize that you can rename or move .exe around. And for those who do figure it out you are still blocking the most serious applications using MD5. For now this is my suggestion, but hopefully in the future Symantec will keep a running database of MD5's that you can simply just be Synced with.
Cheers
Grant
Great, your dead on. I
Great, you're dead on. I already have the list of programs that most end users install and run from doing the report option under policies to see what applications are being opened and installed. The main reason I'd want to block iTunes would be to save on bandwidth usage, and the chat programs to keep people from chatting instead of working, but you're right, there are more serious programs to worry about first. Thanks for the help
Cheers,
Greg
No problem. Thanks Greg and
No problem. Thanks Greg and if you need a specific MD5 or something else feel free to PM me.
Cheers
Grant
First of all, you can use the
First of all, you can use the 'checksum.exe' utility included with the software to generate an MD5 checksum of all executables in any directory. It will produce a text file containing the executable names and the checksums.
Second, you might want to look at the system lockdown feature. If you use a standard image in your environment and by policy don't allow your users to install any unapproved applications, it may work for you. I have been doing a lot of work with system lockdown, and will be happy to share what I've learned if you want to go in that direction.
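Added example (not part of the thread, and not Symantec's checksum.exe or the SEP rule engine): a Python sketch of the two ideas above, a per-directory MD5 listing of executables and Grant's name-then-MD5 block list, run against constructed stand-in files. The `verdict` function, the file names and all file contents are assumptions made for illustration; the last file shows the maintenance cost raised earlier in the thread, where an updated build no longer matches a stored MD5.

```python
import hashlib
import tempfile
from pathlib import Path

def md5_of(path, chunk=1 << 20):
    """MD5 fingerprint of a file, read in chunks so large binaries are fine."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def inventory(root):
    """Map every *.exe under root (subfolders included) to its MD5."""
    return {p: md5_of(p) for p in sorted(Path(root).rglob("*.exe"))}

def verdict(path, digest, blocked_names, blocked_md5):
    """Hypothetical two-tier rule: file-name match first, then MD5 match."""
    if path.name.lower() in blocked_names:
        return "blocked-by-name"
    if digest in blocked_md5:
        return "blocked-by-md5"
    return "allowed"

def demo():
    """Runs on constructed stand-in bytes, not real program binaries."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sub").mkdir()
        build1 = b"MZ constructed must-block program, build 1"
        build2 = build1 + b" (updated)"
        (root / "limewire.exe").write_bytes(build1)             # original name
        (root / "sub" / "limewire2.exe").write_bytes(build1)    # renamed copy
        (root / "sub" / "limewire_new.exe").write_bytes(build2)  # newer build
        (root / "winword.exe").write_bytes(b"MZ constructed approved app")
        names = {"limewire.exe"}                   # tier 1: block by name
        hashes = {hashlib.md5(build1).hexdigest()}  # tier 2: must-block MD5s
        return {p.name: verdict(p, d, names, hashes)
                for p, d in inventory(root).items()}

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:18} {result}")
```

The renamed copy is still caught by its MD5, while the updated build passes both rules until its new fingerprint is added to the list.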
Ok thanks for the other
Ok, thanks for the other options. I just started with this company Monday and my first project was setting up the application control. Prior to me being here users have had full range on their computers and it is causing massive headaches with virus removal, audio/video streaming... you know the drill. So they asked me to work on this program and gain some control.