We have a customised teamviwer host exe file that runs on our computers that I would like to allow through application control but block all other teamviewer sessions. I added a custom signature obtained from programs on this site. [link]http://esrg.sourceforge.net/utils_win_up/md5sum/[/link] F-SBID( --name "Teamviewer.exe"; --protocol tcp; --app_cat 7; --crc32 A8E3C36C,32437591; ) Once I did this and applied the signature to the appropriate application control. Our customised host exe was still not being allowed through the firewall . Am I heading down the correct path with the syntax of the custom app control and is there anything else I need to consider?