If I understand you question correctly, if an .exe can be configured as an allowed binary and as an updater as well are there any security risk right?
As far as I know, if an .exe is already part of your whitelist why should that be configured as an allowed binary again?
As per McAfee an .exe file which is already part of your whitelist can be configured as an updater (Eg. frameworkservice.exe -), check "Mcafee Applications (McAfee default)" policy.
So for I have never come across a situation or necessity where an .exe has to be configured or defined as an allowed binary and updater as well. Could you please give me an example in your case.