I am not sure what the point of the filtering for applications is. Any program that a user has 'permission' for can potentially be used to invoke another application even though it may not be 'published'. All this application publishing is merely a clipped window presenting the application, there is just no security here.
I guess that is the whole point, it is called filtering! If admins do not want users to run an application they should block it. You can still connect to the server in full desktop and do whatever you want. App publishing is there for users which do not want multiplr desktops
