That's the link posted above - most likely my article on how to use SEP to block EXEs from running from certain places and certain files from being created.
I've done a lot of updating of that policy, and it now prevents the ALOT toolbars as well as many rogue AV apps - which often come in the guise and form of BHO, Browser Helper Objects.
Not only has it saved us, but I can also monitor some EXE files, so that folks can still install webinar software and such, but I see what's going on........... or block it and create exceptions for the legit stuff.
Takes a bit of time, but far less than clean-up!