If you don't mind enrolling your SEPM into the cloud you can use a blacklist the way you are describing. The cloud portal introduces advanced visibility and controls to detect and remediate emerging threats in your environment.
The cloud portal also leverages Symantec Endpoint Protection's advanced machine learning capabilities to provide visibility into suspicious files and intensive policy-based control of anti-malware. Advanced machine learning does not require signatures to make sure that threats are stopped in your environment.
The following is a high-level summary of the features:
Discover and block suspicious detections with the Intensive Protection policy
Product configuration to optimize for low-bandwidth environments
Integrated management with central blacklist and whitelist
Modern cloud portal for managing advanced features