AppLocker

AppLocker is an extension of the native group policy software restriction policies. It can be used to block applications wholesale or can be granular, where it will only allow applications to run when they are a particular version or signed with an accepted digital signature/certificate.

Setting up AppLocker is a fairly simple exercise in the Group Policy management console. You can even put all your allowed programs into a reference folder and let AppLocker inventory the folder and develop a policy based on those binaries. This is an exercise well worth the effort for the administrator looking to prevent malware in their environment.