It should be possible by using negating on the ReadFilePath setting. Something like,
"!" meaning EXCEPT IF here, we're saying that C:\Windows and C:\Program Files are going to be read-only folders EXCEPT IF the program is firefox.exe or notepad.exe.
I'm describing this as INI settings raher than through the GUI because the GUI doesn't support the "!" at this time. (I should fix that.)
But why not use Start/Run Access and be done with it?