A very easy way to do this is to enable log learned applications. This will log every .exe that runs on a system and report it back to SEPM with fingerprint information, version, path, etc. Think of this as an application inventory.
Then you can run a query for the application and export to Excel. Copy and paste the file fingerprint to your app and device policy.
If you want to block applications with the firewall it's even easier. You can run a search for an application using the firewall rule creator wizard. It will bring back the same info as above and then you select all of the different versions to add to your firewall policy. Of course, this is really only helping to block applications from communicating over the network.