The Do not whitelist items in the appdata directories is just an additional security feature, that honestly, we probably don't even really need. Basically, pretty much every virus or malware writes to these folders. So to stop the chances of a virus spoofing an Acrobat Reader update, for example, we added this option. Really, executables should never be ran from these folders anyway... executables belong in Program Files and Windows. But since they do not belong here, nothing here should ever be whitelisted anyway... but of course there are always exceptions, and that is why we have that option.