In this thread, we are talking about execution default-deny. The 'default-deny' is also commonly used in the context of the network traffic.
The most common definition of execution default-deny setup would be as follows:
The crucial system processes and processes whitelisted by the user are allowed to run. Other processes are not allowed to run. Additionally, there can be some restrictions for DLLs or files that may have active content (scripts, scriptlets, documents with macros, etc.).