Hi EmCatimbang-8232,
If you want to block programs from running on your system/network, you can easily create a Group Policy Object (GPO) to make that happen.
This is the traditional way of blocking software and it has limited performance as we explain below:
1) Launch REGEDIT
2) Expand USER CONFIGURATION > POLICIES > ADMINISTRATIVE TEMPLATES > SYSTEM
3) Double click on DON’T TUN SPECIFIED WINDOWS APPLICATIONS
4) Click ENABLE
5) Click the SHOW button
6) Type in the file name you want to block
This method should allow you to achieve what you're looking for. However, the problems with this method are:
This method only works per user and not per machine.
You can only use filenames, no paths, hashes or certificates. Think about what that means for UPDATE.EXE which you likely have 20 of for 20 different programs on your computer… not good.
This policy setting only prevents users from running programs that are started by the File Explorer process. It does not prevent users from running programs, such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the command prompt (Cmd.exe), this policy setting does not prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer.
--If the reply is helpful, please Upvote and Accept as answer--