Software Restriction policies (SRPs) is a cool feature which has been in Windows Server for ages. It allows to create a whitelist or blacklist of applictions, thus preventing the exectution of many modern viruses. Newest version of SRPs is Applocker, but Applocker is only available in enterprise editions of Windows workstations.
Here is a tip to make SRPs work with Windows 10 - you need to allow necessary folders in C:\Program Files\WindowsApps folder. It is hidden by default, so you will need to enable viewing hidden files before you can brows WindowsApps.
You will also need to take ownership of the folder, otherwise NTFS will restrict browsing WindowsApps.
Also a good practise would be to do this on a test PC :)