One thing some of you may consider implementing to assist with the blocking of this is an Application Control policy. I've helped out a few other customers implement something similar and it's fairly easy to keep up with and add to if needed.
Here are some quick steps to implement this as part of your Application Control Policy. (Note: If you have never used Application Control before then it will require one reboot for it to become enabled after the policy has been deployed. As always please ensure that you test anything before you implement it as Application Control is quite powerful.)
1. Edit your Application and Device Control Policy
2. Select Application Control
3. Click Add...
4. Change the Rule set name to something of your preference.
5. Select Rule 1 under Rules.
6. Next to "Apply this rule to the following processes:" select the Add... button.
7. Under "Process name to match" type *
8. Click OK.
9. Next to "Do not apply this rule to the following processes:" select the Add... button.
10. Type Rtvscan.exe
11. Click OK.
12. Under Rules in the left pane select the Add... button
13. In the drop-down menu select Add Condition->File and Folder Access Attempts
14. Select "File and Folder Access Attempts" in the left pane.
15. In the right pane next to "Apply this rule to the following files and folders:" select the Add... button.
16. Type: %appdata%\*\*sysguard.exe
17. Click OK.
18. Add any other paths or files that you would like blocked. (ex. %programfiles%\InternetSecurity* or %systemroot%\system32\winhelper86.dll)
19. Next select the Actions tab.
20. Under Read Attempt set the action to "Block Access".
21. Under Create, Delete, or Write Attempt set the action to "Block Access"
22. Set any other logging or notification options as you please.
23. Click OK.
24. Ensure that the new "Rule Set" you created is checked as "Enabled".
25. Ensure that the Test/Production field is set to "Production" (if you are interested in implementing it now; you should still test anything you have done before you deploy it site-wide).
26. Click OK.
27. Verify that the Application and Device Control Policy has been applied to the groups you want it to be applied to.
I have had a lot of success using policies such as this in the past and it is fairly easy to update or add to at any point in time going forward.
Anyway, hope that helps! Feel free to PM me or reply if you have any questions about any of this or simply open up a case with support and someone will be glad to assist you.
Good luck!
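
A pre-deployment check for the paths used in steps 16 and 18 above, as an added example that is not part of the original post and not Symantec tooling: it lists items on the local host that match the same wildcard patterns, so you can see what the rule would hit while it is still set to Test. Assumptions: PowerShell wildcard matching stands in for Application Control's own pattern matching (the two may differ), user profiles use the AppData\Roaming layout, and the function names are hypothetical.

```powershell
# Patterns copied from the steps in the post.
$patterns = @(
    '%appdata%\*\*sysguard.exe',
    '%programfiles%\InternetSecurity*',
    '%systemroot%\system32\winhelper86.dll'
)

function Expand-RulePattern {
    param([string]$Pattern)
    $token = '%appdata%'
    if ($Pattern -like "$token*") {
        # %appdata% is per-user, so expand it once for every profile on disk
        # instead of only for the account running this script.
        # Assumption: profiles live beside the current one and use AppData\Roaming.
        $profilesRoot = Split-Path -Path $env:USERPROFILE -Parent
        $rest = $Pattern.Substring($token.Length)
        Get-ChildItem -Path $profilesRoot -Directory -Force -ErrorAction SilentlyContinue |
            ForEach-Object { (Join-Path $_.FullName 'AppData\Roaming') + $rest }
    }
    else {
        # Machine-wide variables (%programfiles%, %systemroot%) expand directly.
        [Environment]::ExpandEnvironmentVariables($Pattern)
    }
}

function Find-RuleMatch {
    param([string[]]$Patterns)
    foreach ($p in $Patterns) {
        foreach ($expanded in (Expand-RulePattern -Pattern $p)) {
            # Get-Item resolves wildcards in every path segment; -Force includes
            # hidden and system items. Unreadable profiles are skipped silently.
            Get-Item -Path $expanded -Force -ErrorAction SilentlyContinue |
                Select-Object @{ n = 'Pattern'; e = { $p } }, FullName, LastWriteTime
        }
    }
}

# Run from an elevated prompt so other users' profiles are readable.
$hits = @(Find-RuleMatch -Patterns $patterns)
if ($hits.Count -eq 0) {
    Write-Output 'No existing items match the rule patterns on this host.'
}
else {
    $hits | Format-Table -AutoSize -Wrap
}
```

Any legitimate file that shows up in the output is something the rule would block in Production, so review the list before changing the Test/Production field.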