A whitelist blocks everything except what you specify. Yes, this would block everything under the users profile that is an executable or anything specified in the srp file types. If you need something like WebEx that is notorious for installing under the users profile then just create a certificate whitelist rule for WebEx. A whitelist may be more work up front but you will be glad you did it once you have everything configured. This keeps your environment in check when users are trying to install things out of the blue. The template allows things under prog and windows to run since you had to be an admin to install to these locations by default.