Simply create another rulebase entry at the top of your above any of your existing untrust entries that blocks the one named user from any applications you wish to block for them. You actually can't negate the source-user in a security entry, so you have to do it via a specific policy or by stripping the user out of the user group you are using to grant untrust access.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!