Sir,
Based on my own experience on the application blocking. The best thing to use is the filefingerprint blocking. you may use the Checksum.exe for this.
Run the Checksum.exe on the CMD then make a name for the .txt file for the logs. You will get the checksum.exe on the programfiles/symantec/SEP/checksum.exe
After you do these, you may go to the text file and look for the files you want to block. Get the file fingerprint and add to the application policy.
here is the example:
4d17f113d56ec082f6a32bab34ad9fc8 c:\Program Files\VirtualDJ\virtualdj_home.exe
copy the file fingerprint. (it is in italic and bold above) and add to the SEPM apps and devs control.
Apply to the group,
Then thats it... proven tested.
chuchi