Try blocking in VSE "User Defined-Rules" Policy under "Access Protection Policies" category using rule type "File/Folder Blocking Rule". Mention the file name and restrict all actions exept file deletion. hope this would help not sure.. However if user is using exe with diff name then may not work..
Best of luck
Thanks, but File/Folder Blocking not really work. I'm using port blocking that block default port 9666 that worked. But if users change default port so... .