Sure you can. Just create an access rule where you deny all .exe files for the protocols you want, then create another access rule where you allow access to the url where the .exe file you need is located. Regards, Wilmar Perez