This will be highly dependent on what exact application you have in mind. Here are a couple options, in no particular order:
1, Deny policy targetting ISDB destinations
A well-known app with known IP:port lists can be blocked by an explicity DENY policy with the destination set to the ISDB entry relevant to the application. E.g. TeamViewer-TeamViewer.
2, Application Control signature blocking
Well-known applications may also have pre-made signatures. Those can be set to block in an Application Control UTM profile, which you can then apply to your internet-access firewall policies.
3, If the app is HTTPS/DNS dependent (must resolve some FQDN to function, or uses standard HTTPS for communication), you may be able to get away with simply blocking the relevant FQDNs with DNS filter or webfilter. (e.g. add static URL filter entries with block action)
4, For custom/less known apps: If you're crafty enough and have some knowledge of the application's protocol(s), you may be able to create your own custom IPS signature to block the application with Application Control. Documentation here
5, Alternatively, if the signature doesn't exist yet and you think other users would benefit from it being made, you can submit a request for a new AppControl signature here.
Note: With signature-based blocking, you may or may not need to utilise deep packet inspection (HTTPS/TLS decryption).
