I was thinking the same thing. I could always use a whitelist with applocker but unless you sandbox all applications that run interpreted code...
Also, how would you prevent malicious interpreted code from being introduced into your environment. How would you mitigate some of the damage...
Say I wanted to stop 100% of unknown code from launching in an enterprise environment. This includes javascript, executables, dlls, flash,...
Separate names with a comma.