Yes, there are ways to bypass App Ctrl. Powershell attacks are a known gap, so unless you remove it entirely from the picture, then your systems are vulnerable. There's also the ability to boot from alternate media to get around the protection that App Ctrl offers. I believe that you're also able to disable if you boot to SafeMode, though I've not tried it. It's an effective tool when there are other layers of security applied as well, but surely not fool proof on its own.