You can use the Advanced settings tab for a policy to block files with banned publishers or certificates.
The Advanced Settings tab for each policy includes a Block files with banned publishers or certificates setting. This setting must be Active (the default) for certificate bans to affect file blocking. The certificate setting is effective only in High, Medium and Low Enforcement policies. It affects only the enforcement of certificate bans, not whether you can assign a ban to a certificate. Also, your choice here does not prevent any certificate from being approved or an approval to be effective on a file.