Can I disable portable applications using AppLocker?

1

Is it possible to disable portable applications using AppLocker?

Wern Ancheta

Posted 2010-03-02T00:32:00.257

Reputation: 5 822

Answers

0

Yes. If you enable the default executable rules, only applications that are installed in Program Files / Program Files (x86) and Windows are allowed to execute for standard users. Administrators get an override to run anything and therefore can install software.

Also consider enabling the DLL feature with the default ruleset. This prevents surprise DLL injection from happening. Despite the warning that DLL rules can affect performance, I can't tell a difference.

One gotcha is that Google Chrome, Amazon Kindle for PC, Cisco WebEx and Citrix GoToMeeting, etc. install themselves per-user into AppData or the global AppData folders, which aren't allowed to execute. All of these companies use code signing, so you can create publisher rules to trust code from Amazon, Cisco, Google, Citrix, etc.

I'd also consider enabling the script and installer rules. I like to add a rule to Permit *.ps1 since PowerShell has its own script execution policy.

Brian Reiter

Posted 2010-03-02T00:32:00.257

Reputation: 706
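
The following is an added example, not part of the answer above: one way to build the publisher rules it describes for a signed application that installs per-user, and to dry-run them before anything is enforced. It assumes the default rules already exist in the policy, that the AppLocker PowerShell module is available, and that Chrome is installed under the per-user path shown; the `PerUserSigned` prefix and the output file name are hypothetical.

```powershell
# Added example; run in an elevated Windows PowerShell session.
Import-Module AppLocker

# Assumption: per-user Chrome install location. Adjust for the application being trusted.
$appDir = Join-Path $env:LOCALAPPDATA 'Google\Chrome\Application'
if (-not (Test-Path -Path $appDir)) {
    throw "Application folder not found: $appDir"
}

# Collect signature (publisher) information for every EXE and DLL under the folder.
$files = Get-AppLockerFileInformation -Directory $appDir -Recurse -FileType Exe, Dll

# Build publisher rules only. Files without publisher information are skipped
# rather than being allowed by path or hash.
$policy = $files | New-AppLockerPolicy -RuleType Publisher -User Everyone `
    -RuleNamePrefix 'PerUserSigned' -Optimize -IgnoreMissingFileInformation

# Save the generated rules so they can be reviewed before they are applied.
$xmlPath = Join-Path $env:TEMP 'PerUserSigned-AppLocker.xml'
$policy.ToXml() | Set-Content -Path $xmlPath -Encoding UTF8

# Dry run: evaluate the generated rules against the executables they are meant to allow.
# Anything reported as DeniedByDefault is not covered by a publisher rule.
$exes = Get-ChildItem -Path $appDir -Recurse -Filter *.exe |
    Select-Object -ExpandProperty FullName
Test-AppLockerPolicy -PolicyObject $policy -Path $exes -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# After review, merge the rules into the local policy (keeps the existing default rules),
# then confirm the result against the effective policy:
# Set-AppLockerPolicy -XmlPolicy $xmlPath -Merge
# Get-AppLockerPolicy -Effective | Test-AppLockerPolicy -Path $exes -User Everyone
```

Running the same `Test-AppLockerPolicy` check against an executable copied into a user-writable folder such as Downloads shows whether a portable application would still be blocked once the publisher rules are merged.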