Fileset recipe to block applications by name (macOS Script)
The Fileset will block the supplied list of applications on your macOS machines by running a script every 5 seconds on your client machines.
Step-by-step guide
Download, edit and associate the below Fileset.
- Download the "macOS - Block Applications.fileset.zip" below.
macOS - Block Applications.fileset.zip - Import the "macOS - Block Applications.fileset" into the Filesets tab of the Filewave Admin.
- Edit the Fileset to include the appropriate list of applications to block.
Select the install_block_application.sh file and then Get Info
Edit the Executable > Launch Arguments to include the binary name of any app to be blocked, e.g Messages, FaceTime, and Keychain Access
- Associate the Fileset to a handful of test machines so you can see the behavior of the Fileset before mass deploying to all of your devices.
- After that, you are Done!
Binary Names
To find the name of the binary to block, take a look at the application's contents. Every App has the same directory structure > ApplicationName.app/Contents/MacOS/ApplicationName, where ApplicationName is the binary to block, e.g.
FaceTime
/Applications/FaceTime.app/Contents/MacOS/FaceTime
Terminal
/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal
If you are wanting to block an Application with a space in the name like Keychain Access, you will need to have quotes(") around the name. So you would add, "Keychain Access", to Executable > Launch Arguments.
Blocking Install macOS Apps
Install macOS Apps may be blocked by supplying the following Launch Argument in the Fileset:
osinstallersetupd
However, this will block all Install macOS Apps. If you wish to block one installer, e.g Catalina, but have workflows that require earlier versions to install, consider the following Fileset example:
macOS - Block Applications Including macOS Install App.fileset.zip
Use this Fileset instead of the earlier one and supply all desired Apps to block as per below.
Inside the install_block_applications.sh script you will find a 'case' block. This section should be edited to meet your requirements. Current settings within the Fileset below.
This will only allow the macOS Ventura Installer.app to run. All other macOS Installer Apps will be prevented from running:
case \$process_details in
*"Ventura"*)
log_me "Found: \$process_details"
log_me "Nothning to do"
;;
*)
block_me "osinstallersetupd"
;;
esac
Examples
Block Sonoma and Ventura, but allow any other installers
As well as allowing older installers than Ventura to run, this will also allow newer installers beyond Sonoma to run.
case \$process_details in
*"Sonoma"*)
block_me "osinstallersetupd"
;;
*"Ventura"*)
block_me "osinstallersetupd"
;;
*)
log_me "Found: \$process_details"
log_me "Allowed. Nothing to do"
;;
esac
Allow Ventura, block any other installers
Ventura and Monterey installers will be allowed to run, but all other installers, including newer ones, will be prevented.
case \$process_details in
*"Ventura"*)
log_me "Found: \$process_details"
log_me "Allowed. Nothing to do"
;;
*"Monterey"*)
log_me "Found: \$process_details"
log_me "Allowed. Nothing to do"
;;
*)
block_me "osinstallersetupd"
;;
esac
Related Content
The following KB, has an alternate method for blocking just macOS Installation Apps, with user interaction:
No Comments