Jamf Pro - Restricted Software - adding apps to restrict not working

juicedaninja
New Contributor

Hello everyone,

I'm having some issues with the "Restricted Software" on JAMF Pro where  I can restrict 1 word app fine with the "Restrict exact process name", but not with 2 or more words.

working example:
Process Name: Messages
Checked with "Restrict exact process name"
and all messages (even if you copy paste app and rename, still gets blocked.)

but something with 2 words doesn't.
not working example:
Process Name: FileZilla Pro
Checked with "Restrict exact process name"

if I put "FileZilla Pro.app" in process name, it gets blocked but with that exact file name from applications.

any ideas how to block process name that is more than 2 words?

Thanks in advanced.

1 ACCEPTED SOLUTION

sdagley
Honored Contributor III

@juicedaninja It's not related to being an App Store app. I tested with Microsoft PowerPoint because the name of the executable binary (which can be found in the Info.plist file inside the application bundle - look for the string below the CFBundleExecutable key) is 2 words. Just because an application name has 2 or more words does not indicate the executable binary will, so if you're restricting by exact process name you may need to dig for the correct name.

When you create/change a Restricted Software configuration there is going to be a delay before your macs will receive the new settings, and the "sudo jamf manage" comamnd will force that when run.

View solution in original post

5 REPLIES 5

sdagley
Honored Contributor III

@juicedaninja I tested a block on Microsoft PowerPoint and it worked fine. Are you sure the management framework on your test Mac was updated before you tested the block with 2 words? You can force the update by running the command "sudo jamf manage" in Terminal. 

juicedaninja
New Contributor

thing is this is downloaded from app store.
would this be a reason why not working?

when I test with and without ".app" at the end, I can see the changes right away when check-in we use in Self Service.

sdagley
Honored Contributor III

@juicedaninja It's not related to being an App Store app. I tested with Microsoft PowerPoint because the name of the executable binary (which can be found in the Info.plist file inside the application bundle - look for the string below the CFBundleExecutable key) is 2 words. Just because an application name has 2 or more words does not indicate the executable binary will, so if you're restricting by exact process name you may need to dig for the correct name.

When you create/change a Restricted Software configuration there is going to be a delay before your macs will receive the new settings, and the "sudo jamf manage" comamnd will force that when run.

ohh thanks.
I was looking at activity monitor to get the name of the process, I guess it's different in the plist file.
able to block successfully without issue using executable name from plist.

mm2270
Legendary Contributor III

What @sdagley stated above is correct. When using the "Restrict exact process name" option, you have to find out what the exact process executable is, not just go by the application name as it appears in the Finder. They aren't always the same. Oftentimes using the executable that shows up in the MacOS directory inside the app bundle will work, but even that's not 100% accurate I don't think.