Restricted Software - Computers moved out of smart group is still in scope?

Run a sudo jamf manage on the Mac, not a recon. Restricted Software gets updated on a system when the management framework is refreshed. See if that helps.

That block list is /Library/Application Support/JAMF/.blacklist.xml I find it gets refreshed about every 15 mins in my environment and jamf mange or recon had no effect on that.

@thoule I'm not sure what would be up with that, but I can assure you doing a sudo jamf manage refreshes the Restricted Software items on the Mac. I just did a quick test on this. We block the BootCamp Assistant application since we don't want people using it to install an unmanaged Windows OS on their Macs. I ran the app, Restricted Software blocked it right away. I then went into our JSS and to that Restricted Software item, added my Mac into the Exclusions tab, hit Save and within about 2 seconds ran a sudo jamf manage command on my Mac, and then launched the app again right after. The entire amount of time between me saving my Mac into the Exclusions tab and running the app again couldn't have been longer than about 10-15 seconds, and I was able to then keep BootCamp Assistant running - no Restricted Software block.
I then did the same process in reverse, removing my Mac from Exclusions, and as soon as I ran the jamf manage command the open BootCamp Assistant application was shut down and I received our block message.

Thanks all! Waiting for the user to come back from Lunch to test this :)

Do you know how often management framework gets updated automatically on the managed computers?

btw, just tested sudo jamf manage and that did the trick. Appreciate the responses here.

This should not be. If I scope a smartgroup to Restricted software, then I expect the restriction to be lifted automatically when that mac is no longer part of that smartgroup.