I read somewhere that the Application doesn't works on x64 clients, is it correct?
I think that both path or MD5 can't stop then, because the path can be anywhere on the this, the exe name the same.
And MD5 hash, we don't have the exe file to extract it.
All these procedures are to disable users from running Portable Applications coming from internet, pendrivers or some where sources, which is not allowed inside the company.
Our Windows policy already controls and deny user software instalations. But Portable Apps (like Thinapp from VmWare) virtualize software and don't need to install.