Is there a functional equivalent?
On the Windows side of the house, we're setting up AppLocker to only allow applications from trusted publishers to run. Applications that aren't code signed will be reviewed and code signed using our internal CA. This is proving to be a great solution as it's easy to manage and doesn't rely on file system paths. As long as the code signing certificate is allowed, software can run.
On the Apple side of the house, we can turn on Gatekeeper to only allow Apple developers as a start. I haven't found a way to take that a step further and only allow software from approved developers. Removing trust for Apple's Certificate Authority and then adding individual code signing certificates back in seems like a recipe for disaster...
Short of creating a whitelist for each individual application path, is there a way I haven't found to allow only approved applications to run?
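As an added illustration of the "approved developers" idea on the Mac side (this is not part of the original question, and is an audit, not an enforcement mechanism): a POSIX shell script that reads the Team ID from each app bundle's code signature and reports bundles that are unsigned or not signed by an approved team. The Team IDs in APPROVED_TEAM_IDS are placeholders, not real vendors.

```shell
#!/bin/sh
# Audit macOS app bundles against an allowlist of code-signing Team IDs.
# Added example; APPROVED_TEAM_IDS holds placeholder values, not real vendors.

APPROVED_TEAM_IDS="ABCDE12345 FGHIJ67890"   # placeholder Team IDs

# Pull the TeamIdentifier= line out of `codesign -dv --verbose=4` output
# (codesign prints these details on stderr). Takes that output text as $1.
parse_team_id() {
    printf '%s\n' "$1" | awk -F= '/^TeamIdentifier=/ { print $2; exit }'
}

# Return 0 if the Team ID is on the allowlist, 1 otherwise.
# An empty value or "not set" (ad-hoc signature) is never approved.
is_approved_team() {
    tid="$1"
    [ -n "$tid" ] && [ "$tid" != "not set" ] || return 1
    for ok in $APPROVED_TEAM_IDS; do
        [ "$tid" = "$ok" ] && return 0
    done
    return 1
}

# Classify one app bundle: prints "approved", "unapproved" or "unsigned".
classify_app() {
    out=$(codesign -dv --verbose=4 "$1" 2>&1) || { echo unsigned; return 0; }
    tid=$(parse_team_id "$out")
    if is_approved_team "$tid"; then echo approved; else echo unapproved; fi
}

# On a Mac, walk /Applications; elsewhere, demonstrate the parser on a
# constructed sample of codesign output.
if command -v codesign >/dev/null 2>&1; then
    for app in /Applications/*.app; do
        printf '%s\t%s\n' "$(classify_app "$app")" "$app"
    done
else
    sample='Identifier=com.example.app
TeamIdentifier=ABCDE12345'
    printf 'sample Team ID: %s\n' "$(parse_team_id "$sample")"
fi
```

Running it periodically (or from an MDM script) gives an inventory of apps outside the approved set; the list of approved Team IDs is the Mac analogue of the trusted-publisher set used in AppLocker.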
