Moved provisionally to ePO for faster handling
I don't want to whitelist all the applications a user has installed, only the ones that are installed without administrator privileges and intervention like Google Chrome.
Depending on which product your using to do this I would suggest putting it in a reporting only mode then gather the applications over a week period of time and adjust the policy to exclude the ones you want.. Every business / user will have different apps that are installed without administrator privileges... be hard for someone to provide a list.
I know with their HIPS product depending on policies and levels of protection you can have them report (ex. High blocks, Medium reports), If its VSE and its a user defined policy set it to report only first then block once you gather the applications.