When using Application Control in Apex One as a Service to block applications, the blocking depends on the match criteria used. Different match methods will or will not block the application depending on how the application behaves. The behavior of each match method is as follows:
- Hash: Can block the application regardless of location/file path. Useful for standalone applications that do not receive regular updates. The hash changes when the application is modified or updated, so the administrator needs to update the match criteria every time the hash changes.
- Certificate: Can block the application regardless of location/file path. Can block applications that receive regular updates, as long as the application keeps using the same digital certificate. Cannot be used to block applications that do not have a digital certificate.
- File Path: Can block applications using a specific path without affecting other applications that use the same filename. Using wildcards may increase resource usage since the agent needs to scan for the application on the path. If the application file path changes, blocking may not work properly. Changing the application filename will result in failure to block the application.
- Application Reputation List: Contains a list of known good and bad applications that customers can select to allow or block in their environment. Highly dependent on the application versions listed on the Application Reputation List. Dependent on applications having digital signatures; applications without digital signatures will not be added to the list. Modified versions of the application cannot be blocked since the list only contains the clean/original version of the application from the application vendor.
We recommend combining two or more match criteria when blocking applications, so that if one method does not block the application, another method can. For uTorrent, there are different versions available on the internet, ranging from standalone applications to the application from the vendor itself to modified applications used by people who perform peer-to-peer sharing. Thus, we may not be able to fully block all those versions, as these could have different hashes, certificates, file paths, etc.
If the aim is only to block uTorrent from the application vendor, using a combination of file hash and certificate should block the application. Note that the policy needs to be regularly maintained to ensure that later versions of the application still get blocked. Lastly, please enable assessment mode when testing the Application Control policy before deploying the policy to the rest of the agents, to avoid interruptions to operations.
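The recommendation to combine match criteria, and the hash plus certificate combination suggested for the vendor build, can be checked against a file inventory before rollout. The following is an added example, not Trend Micro code and not how the Apex One agent is implemented: a simplified model of hash, certificate and path matching over a constructed inventory, in which every path, thumbprint and file content is a made-up sample.

```python
import hashlib
from fnmatch import fnmatchcase

# Constructed inventory: (label, path, file bytes, signer thumbprint or None).
CERT = "CONSTRUCTED-VENDOR-THUMBPRINT"
INVENTORY = [
    ("vendor v1", r"C:\Users\a\AppData\Roaming\uTorrent\uTorrent.exe", b"build-1", CERT),
    ("vendor v2 (updated)", r"C:\Users\a\AppData\Roaming\uTorrent\uTorrent.exe", b"build-2", CERT),
    ("vendor v1, moved and renamed", r"D:\tools\ut.exe", b"build-1", CERT),
    ("modified, unsigned", r"C:\Temp\uTorrent.exe", b"build-1-modified", None),
]

# Hypothetical block policy: one rule per match method discussed above.
POLICY = {
    "hash": {hashlib.sha256(b"build-1").hexdigest()},  # only v1 was hashed
    "certificate": {CERT},
    "path": [r"C:\Users\*\AppData\Roaming\uTorrent\uTorrent.exe"],
}

def matched_criteria(path, data, signer, policy=POLICY):
    """Return the names of the match methods that would hit this file."""
    hits = []
    if hashlib.sha256(data).hexdigest() in policy["hash"]:
        hits.append("hash")
    if signer is not None and signer in policy["certificate"]:
        hits.append("certificate")
    # Windows paths are case-insensitive, so compare lowercased.
    if any(fnmatchcase(path.lower(), p.lower()) for p in policy["path"]):
        hits.append("path")
    return hits

def coverage(inventory=INVENTORY, enabled=("hash", "certificate")):
    """Map each file label to the enabled criteria that block it."""
    return {
        label: [c for c in matched_criteria(path, data, signer) if c in enabled]
        for label, path, data, signer in inventory
    }

if __name__ == "__main__":
    for label, hits in coverage().items():
        status = "BLOCKED by " + ", ".join(hits) if hits else "NOT BLOCKED"
        print(f"{label:32} {status}")
```

Files that come back with an empty list are the gaps to review while the policy is still in assessment mode.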