How do you execute when whitelisting is in place?
My company uses CB AppControl and its policy is to deny every execution unless whitelisted. Whitelisting is done by binary or in some specific cases by publisher (i.e. Microsoft).
I’ve been tasked with trying to execute a binary that’s not whitelisted and so far, I’ve tested all LOLBAS executables and AppControl will block every attempt, for example, using regsvcs.exe to execute the binary. AppControl blocks regsvcs.exe because the child process is not whitelisted.
So, looking for suggestions about where to go next?
PS: This is not a pen test/black hat activity. This is just a small cyber sec team trying to see how effective a tool really is.
submitted by /u/Original-Prompt4285