How to block aplications/processes from running?

Hi, I know how to block Internet connection with policy rules, but it is not clear how to determine suspicious precesses or apps?

you can use Kill Switch included in CIS6

Please see my article about How to Know If Your Computer Is Infected.