Yeah, there's the kicker - you have JAVA and a few other supposedly legit things using that, plus check under a user profile, application data for example - you'll find EXE and DLL files.
IMO, this violates security common sense, but since when was Adobe and some others like GOOGLE!!!! ever accused of being concerned about security?
So I've created some exceptions to allow a few things we use like web meeting software, and similar to work.
As a side, it's blocked some folks from installing GOOGLE Chrome! Yes, like I say, google ignores SECURITY and Microsoft policy by installing to and running from the user profile area, attempting to actually install the Chrome browser........ we found it so lax in security that we banned use of that browser early on anyway, but I found it interesting who and what attempts to install there.
You have to have some exceptions, but I simply have created those exceptions "as needed" and sit back while these rogue things are blocked.
Here's a kicker - SEP an hour ago didn't recognize it, now with a scan I triggered (update content and scan) it's suddenly saying "oh, I know this threat!".
Just shows how critical it is to stay current........sort of interesting to note they did have today's defs, so were current, but now have a later build of todays defs.