Default deny is the best approach from a safety point of view, but not for usability.
If you have a high detection rate (not only by first-hand detection, but also by behavior and heuristic), then you can reduce the amount of unknown apps, thus making less troubles to the users and avoiding such negative experience: