In your App Blocking policy, create the rules to block applications that you want. The last rule in your policy should be "Allow *". If you using *.*, then all applications must match a name.ext format. I have seen applications (the one example I saw was a 3rd party product update) that use exectuables that do not have an extension and *.* will not match those, and block it. Using just a single * will allow all applications, regardless of extension.
*NOTE: By putting an Allow * rule at the bottom of your policy, Adapative/Learn mode will not function after that. Just FYI. In order for Adaptive/Learn mode to function, the application being checked must check the rules and not find a matching rule, which is then matched against the assumed DENY ALL rule at the bottom of the policy (works like the Firewall; if not allowed, then denied).
Thanks a lot, Kary. It really works.