Really preventing a change will be hard to impossible...
BUT usually it should be enough to be able to recognize whether it has been changed... to achieve this you basically need to implement some variation of the following scheme:
- Create a hash of the file (together with a salt)
- Store that value in your app.config
- In your application read the file and recalculate that hash (with the same hash)
- IF that value matches what is in your app.config all is fine, otherwise it has been changed and you need to take the appropriate action
To take the above a step further:
You could embed a copy of the file as an "embedded resource" into your application (EXE/DLL) and replace the file on disk on startup with the content of that resource - this way you make sure that the file is always what your application expects.
DISCLAIMER: the above scheme won't stop a really determined "attacker/hacker...".