TOR Blocking

I'm attempting to block TOR so that CryptoLocker/CryptoWall has no contact by which to  download and encrypt my users workstations. 

I have version 4 MR3 Patch 11 of the FortiOS on my Fortigate 300C. 

All the information I've found says to use the Application Control section to setup blocking with TOR and Tor2Web, then attach the Application Control to the Outbound policy (Internal to Internet) in Policies. I have done so, but the TOR Web Browser still allows me to browse out. Is this an accurate way of being able to tell if outbound TOR is blocked, or is there another way?

I'm not sure this is working. Any help would be greatly appreciated.