You have set up Windows Local Group Policy to disallow running cmd.exe for addressing vulnerability in a Citrix environment. However, you found that Computron fileview.exe can still run cmd.exe from the "Run external program" function.
Computron fileview.exe application is working as designed, in this case. Users may have valid reasons for running external programs from within the Computron Fileview application, for example, running Excel for downloading a report output.
This is not a Computron issue. It is recommended that you reach out to Microsoft support to pursue a security change with regard to the vulnerability in your Citrix environment.