Currently users must send a request to Sophos Labs to have a file blocked by Application Control. It would be good if users could create a custom block list to deploy across their environment - for example, block/alert on SHA256 hash, filename, regex, directory path, etc.
Having the option to alert (not block) would be useful too, so use of applications that are required, but suspicious can be monitored.
Gerson Carlo commented
Great idea!, also option to allow an app then the rest are block all.