Fileset recipe to block applications by name (macOS Script)

The Fileset blocks the supplied list of applications on your macOS client machines by running a script every 5 seconds.

Step-by-step guide

Download, edit and associate the below Fileset. 

  1. Download the "macOS - Block Applications.fileset.zip" below.
    macOS - Block Applications.fileset.zip
  2. Import the "macOS - Block Applications.fileset" into the Filesets tab of the FileWave Admin.
  3. Edit the Fileset to include the appropriate list of applications to block.

    Select the install_block_application.sh file and then Get Info.

    Edit the Executable > Launch Arguments to include the binary name of any app to be blocked, e.g. Messages, FaceTime, and Keychain Access.

  4. Associate the Fileset to a handful of test machines so you can see the behavior of the Fileset before mass deploying to all of your devices.
  5. After that, you are done!

Binary Names
To find the name of the binary to block, look at the application's contents. Every app has the same directory structure, ApplicationName.app/Contents/MacOS/ApplicationName, where ApplicationName is the binary to block, e.g.:
FaceTime
/Applications/FaceTime.app/Contents/MacOS/FaceTime

Terminal
/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal

To block an application with a space in its name, such as Keychain Access, put quotes (") around the name. So you would add "Keychain Access" to Executable > Launch Arguments.

Blocking Install macOS Apps

Install macOS Apps may be blocked by supplying the following Launch Argument in the Fileset:

osinstallersetupd

However, this will block all Install macOS Apps. If you wish to block one installer, e.g. Catalina, but have workflows that require earlier versions to install, consider the following Fileset example:

macOS - Block Applications Including macOS Install App.fileset.zip

Use this Fileset instead of the earlier one and supply all desired Apps to block as per below.

Inside the install_block_applications.sh script you will find a 'case' block. Edit this section to meet your requirements. The current settings within the Fileset are shown below.

This will only allow the macOS Ventura Installer.app to run.  All other macOS Installer Apps will be prevented from running:

	case \$process_details in

		*"Ventura"*)
			log_me "Found: \$process_details"
			log_me "Nothing to do"
			;;
		*)
			block_me "osinstallersetupd"
			;;
	esac

 

Examples

Block Sonoma and Ventura, but allow any other installers

As well as allowing older installers than Ventura to run, this will also allow newer installers beyond Sonoma to run.

	case \$process_details in

		*"Sonoma"*)
			block_me "osinstallersetupd"
			;;
		*"Ventura"*)
			block_me "osinstallersetupd"
			;;
		*)
			log_me "Found: \$process_details"
			log_me "Allowed.  Nothing to do"
			;;
	esac

Allow Ventura and Monterey, block any other installers

Ventura and Monterey installers will be allowed to run, but all other installers, including newer ones, will be prevented.

	case \$process_details in

		*"Ventura"*)
			log_me "Found: \$process_details"
			log_me "Allowed.  Nothing to do"
			;;
		*"Monterey"*)
			log_me "Found: \$process_details"
			log_me "Allowed.  Nothing to do"
			;;
		*)
			block_me "osinstallersetupd"
			;;
	esac
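
The two policies above compared side by side, as an added example that is not part of the Fileset or the original article: a dry run that stops nothing and only reports what each case block would decide. The sample process_details strings are constructed and assume the value contains the installer app's path; the function names are hypothetical, and the patterns are combined with | for brevity.

```shell
#!/bin/sh
# Added example: dry run of the two policies shown above. Nothing is stopped;
# each function only reports what the corresponding case block would decide.

# Policy A (block list): Sonoma and Ventura are blocked, everything else runs.
blocklist_decision() {
	case $1 in
		*"Sonoma"*|*"Ventura"*) echo block ;;
		*)                      echo allow ;;
	esac
}

# Policy B (allow list): Ventura and Monterey run, everything else is blocked.
allowlist_decision() {
	case $1 in
		*"Ventura"*|*"Monterey"*) echo allow ;;
		*)                        echo block ;;
	esac
}

# Constructed sample values for process_details (assumed to contain the
# installer app's path; the real format depends on the Fileset's script).
SUFFIX="Contents/Frameworks/OSInstallerSetup.framework/Resources/osinstallersetupd"
samples() {
	for name in "Big Sur" Monterey Ventura Sonoma Sequoia; do
		printf '/Applications/Install macOS %s.app/%s\n' "$name" "$SUFFIX"
	done
}

# One row per sample: installer name, block-list result, allow-list result.
compare_policies() {
	samples | while IFS= read -r details; do
		printf '%-10s blocklist=%-5s allowlist=%s\n' \
			"$(printf '%s' "$details" | sed 's/.*Install macOS \(.*\)\.app.*/\1/')" \
			"$(blocklist_decision "$details")" "$(allowlist_decision "$details")"
	done
}

compare_policies
```

The Sequoia row shows the difference that matters when choosing a policy: the block list lets an installer it has never heard of run, while the allow list blocks it. Matching is case-sensitive, so the pattern must use the same capitalisation as the installer's name.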


The following KB has an alternate method for blocking just macOS Installation Apps, with user interaction:

macOS - Block Apple Install macOS Application


Revision #12
Created 13 July 2023 21:22:15 by Andrew Kloosterhuis
Updated 10 January 2024 11:55:52 by Sean Holden