That is a problem of any default-allow type security, based on blacklist rules. Fighting the new malware/vulnerabilities requires the updated blacklist. But, this solution is usable in open systems (frequent software installations) or for people who are not trained (or do not like) to troubleshoot the Windows events.
The most of the trouble is on the vendor side, so most users like this.
.
On the contrary, the default-deny type security is based on the whitelist rules. Fighting the new malware/vulnerabilities does not require many updates from the vendor side. The user can add entries to the whitelist when that is required by new software installations. It is usable in semi-closed systems or for the users who do not have problems with troubleshooting the Windows events.
The most of the trouble is on the user side, so most users do not like this.
.
Generally speaking, the properly adjusted default-deny type security will be always stronger than default-allow one. Why? If you do not drink alcohol, then you will not suffer from having the hangover.