Away from my main computer right now, but I found a quick run through on a different thread for you. This is the method you should follow.
"You can simply go to communication settings for your group under Clients > Policies and check the "Learn applications that run on client computers" box. As per the description, "Clients will keep track of every application that is run and send the collected data to the management server." Once the logs are uploaded to the server, you can simply search for the application under Policies > Expand Policy Components > File Fingerprint Lists > Search for Applications. Once in this screen you can search by application name, file fingerprint, path, or you can list all the applications for specific computers, groups, etc. Once you find the application it should list the file fingerprint/md5. "
Once you have all possible md5 from legacy programs it is quite easy to block any program you wish running on any client computer. I can post the actual kb on this tomorrow if you would like, but I think this is enough to get you started. I believe it is all in the user manual too. If anything is unclear on this please post or pm me.
Cheers
Grant