Help

PPPC Settings to behave like High Sierra

joelsenders
New Contributor III

Posted on ‎12-04-2018 08:10 AM

Hello all. Starting to get into this mess of whitelisting a bunch of various processes. I personally am not super excited about giving my users the ability to allow or deny background processes via a confusing dialog box. Quite honestly, I'd rather just whitelist all of the standard stuff that was able to be done in High Sierra, and allow third party anti malware to take care of protecting our machines. So my question is... has anyone built a config profile that whitelists various processes so that Mojave runs similar to previous macOS versions? This would seem like a worthwhile venture to me. Even if we could simply list out the most common offenders such as osascript, loginwindow, Terminal, etc. it would be supremely helpful.

0 Kudos
2 REPLIES 2

Tangentism
Contributor II

Posted on ‎12-04-2018 08:17 AM

Theres some generated profiles at the TCC Profile tool GitHub page that have some basic settings (Python/Shell/Terminal, etc)

sshort
Valued Contributor

Posted on ‎12-04-2018 09:13 AM

@joelsenders PPPC whitelisting is whack-a-mole, so I've decided to just focus on our "standard" apps. If tickets happen to come in for an additional app I didn't originally consider, then I'll add another PPPC profile. From my perspective, it's takes more time and effort trying to anticipate everything.

I also keep a TCC reset script in Self-Service if a user unintentionally allows or denies something they didn't intend to.

That being said... I did deploy a profile to whitelist Terminal. Also, if an app requires at least one AppleEvent to control Finder, SystemUIServer, or SystemEvents I'll just include all 3.