It is possible to use wildcards in conjunction with folder paths to allow only specific file types to run in that location. You can further stipulate which executables are allowed to run by using the 'Metadata' field to match against.
Consider the following scenario - You redirect your users downloads directory to a network share. You require you users to be able to download and install applications such as Webex or Flash player etc. By default, Application Manager will deny anything on a remote location but you are reluctant to add an 'Accessible Folder' rule to make this location accessible outright.
You can create a secure solution by adding the accessible folder to the redirected downloads location, for example \\Server\Share\%username%\Profile\Downloads\*.exe
The addition of the \*.exe stipulates the extension of the file which is allowed
Within the Metadata tab on this rule, you can populate the Vendor, Product name etc (which can be found in the properties of the file you wish to allow) for example to only allow executables from Webex or Adobe