a policy that would block all applications trying to access the internet
This would be done by a Firewall rule policy, not a Host IPS custom signature policy.
Along with this we would like to be notified when a non-approved application tries to access the internet.
Typically a firewall rule would be configured to allow approved application network traffic, instead of using a firewall rule to block all non-approved application traffic. If you're wanting to block specific applications, then that would be done via a BLOCK rule.
In the previous versions of HIPS there was an application blocking feature but I am not sure if that is what we are looking for.
This was a feature to whitelist applications to run in the environment. It does not have the ability to define what that application can do after it's allowed to run.