Emmm... I think this will block virtually all browser plugins that you don't install immediately after a clean install of your machine.
And btw, this won't work with the massive number of games that come with an updater, where the modules could be updated when the game is updated, especially those which come with 3rd-party DRM or "anti-hack" libraries.
Since I think these roughly account for 70% of daily usage of domestic PCs, it makes such a feature of little value for combating malware.
It'd be much easier to allow the manifest files to declare which folders it would want to have access to, and have an object containing this information attached to all the threads that are spawned by the EXE. Although this won't work for the browser scenario, it works for games and mail clients, which remain the most common way for the spread of malware.