Blocking specific file names while allowing specific file type

Hi all, What would best way to allow file1.exe file2.exe to enter, but block ALL other *.exe files. Also while *.exe is allowed as a file type within ASM policy. I'm worried about order of operations. I'm working with 12.2 and I don't see ability to enter regex for file types. I was hoping I could do this like I would do regex within parameter type.

 

Any suggestions? What if I I block *.exe as file type in ASM but then have file1.exe file2.exe as irule to allow it? What about creating a unique ASM signature?

 

If anyone is doing this would appreciate some input. Looking for best approach.