Which security measure defines what is not allowed to run on a system?

The correct measure that defines what is not allowed to run on a system is the block list. A block list, also known as a blacklist, specifically outlines the applications, processes, or users that are prohibited from executing or accessing certain system resources. This approach focuses on identifying and denying potentially harmful software or actions, thereby enhancing the security posture by preventing known threats from causing harm.

In contrast, an allow list (or whitelist) operates on the principle of permitting only those applications or actions that have been explicitly granted access, thereby blocking everything else by default. Immutable systems are designed to be unchangeable once deployed, ensuring consistency and reducing vulnerabilities from changes, but do not inherently specify what is disallowed. Antivirus solutions revolve around detecting, quarantining, and removing malware rather than setting explicit permissions regarding what can and cannot run on a system. Thus, the block list specifically fulfills the role of defining and restricting access based on what is deemed harmful or unauthorized.