Blacklisting

Blacklisting (also called denylisting) is a security approach where known malicious items — applications, email addresses, IP addresses, or websites — are specifically blocked, while everything else is allowed by default. Traditional antivirus software uses blacklisting: it maintains a database of known malware signatures and blocks those, but allows everything else to run.

Blacklisting is easier to implement and less disruptive than whitelisting, but it's inherently reactive — it can only block threats it knows about. New malware, zero-day exploits, and novel attack tools won't be blocked until they're identified and added to the blocklist.

Why It Matters

While blacklisting alone may not satisfy all CMMC requirements for software restriction, it remains a useful defense layer. Combining blacklisting (block known bad) with whitelisting (allow only known good) provides the strongest protection for CUI systems.
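The default-allow gap described in the second paragraph and the layered policy described here, as an added example (not part of the original page). It assumes SHA-256 file hashes stand in for signatures; the sample contents, the sample names and the `decide` and `evaluate` functions are constructed for illustration.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for executable files (not real samples).
SAMPLES = {
    "known_malware": b"constructed: catalogued malicious tool",
    "new_malware": b"constructed: malware not yet catalogued",
    "approved_app": b"constructed: approved business application",
    "unapproved_app": b"constructed: harmless but unapproved utility",
}

def decide(data: bytes, denylist: set, allowlist: set, mode: str) -> str:
    """Return 'allow' or 'block' for one file.

    mode 'denylist'  : default allow, block only listed hashes
    mode 'allowlist' : default deny, allow only listed hashes
    mode 'combined'  : denylist checked first, then allowlist
    """
    if mode not in ("denylist", "allowlist", "combined"):
        raise ValueError(f"unknown mode: {mode}")
    digest = sha256(data)
    if mode != "allowlist" and digest in denylist:
        return "block"
    if mode != "denylist":
        return "allow" if digest in allowlist else "block"
    return "allow"  # denylist mode: anything unlisted runs

def evaluate(denylist: set, allowlist: set) -> dict:
    """Decision for every sample under every mode."""
    return {
        mode: {name: decide(data, denylist, allowlist, mode)
               for name, data in SAMPLES.items()}
        for mode in ("denylist", "allowlist", "combined")
    }

if __name__ == "__main__":
    deny = {sha256(SAMPLES["known_malware"])}
    allow = {sha256(SAMPLES["approved_app"])}
    print("before update:", evaluate(deny, allow))
    # The new sample is identified and added to the blocklist.
    deny.add(sha256(SAMPLES["new_malware"]))
    print("after update: ", evaluate(deny, allow))
```

Because combined mode checks the denylist first, a known-bad hash that was added to the allowlist by mistake is still blocked.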