Jamf Nation Community

Hi @NaomiT ,

My understanding is that the JAMF binary running in the background is what monitors and kills processes restricted using Computers > Restricted Software tab. It should work independently from the configuration profile.

You may need to allow the binary to check in to receive the latest info about which Apps should be restricted, which should happen at the next device check-in (or perhaps the next device inventory event).

Try double-checking your scope to make sure the test computer does have the Restricted Software payload scoped (Computers tab > Search and choose test computer > Management tab > Restricted Software).

Then on the test computer try the following command via terminal:

sudo jamf recon; sudo jamf management; sudo jamf policy

There are three separate commands on this line since I can't remember which one might be the relevant one, but I think it is the management command :)

After that, see if the App is successfully restricted. This is just speculation on my part--I can only provide the steps I would use to troubleshoot the issue myself :)

Hi @sdagley ,

Thanks. I checked that 3 restrictions software apps scoped out to one of my student test MacBook Pros and I was able to launch those apps. The student configuration profile restricting apps is not scoped out to this machine.

The list of apps to be restricted is stored in a file named .blacklist.xml in the /Library/Application Support/JAMF/ directory. It's updated when the client checks in, or you can force an update by doing a sudo jamf policy. I'd suggest looking for the existence of the .blacklist.xml file on one of your client machines after you'd configured a Restricted Software Record to make sure it's being applied as you expected.

Have you run a sudo jamf manage command in Terminal on those Macs? Try that to see if the restriction comes down. Its possible they just haven't received the setting yet. Its not automatic once you click Save in the Restricted Software title.

Hi @cpdecker ,

Thank you. I checked that the test computer has the restricted software payload scoped. I also ran the sudo jamf manage command but the restricted apps seem are still able to launch. I'm not sure what is causing the issue.

@sdagley I was able to access the application support folder but there was no JAMF subfolder available. I also ran the sudo jamf manage command earlier this morning. I'm not sure why it's not listed.

@mm2270 I ran the sudo jamf manage command earlier this morning but the restricted apps were still able to launch.

@NaomiT Can you post any details on how the Restricted Software settings are set up? Maybe a screenshot? I'm wondering if something needs to be adjusted to get it to work.

Also, can you elaborate on what you mean by no JAMF folder under Application Support? Are you looking inside the root "Library" directory? it should be located at /Library/Application Support/JAMF If you're not seeing that at all, there's a much larger issue going on. That folder should always be there under a Casper managed Mac.

Perhaps we are overlooking the obvious here.

Are you using the "Restrict exact process name" checkbox, and have you confirmed that the correct and precise name is being used?

For example, to restrict access to mail, we use the process name "Mail.app", without quotes, and we are restricting exact process name and also have the box checked to terminate the process when found.

Also wondering along with @mm2270, any chance you forgot to re-enroll your test machine with Casper after an image or something?

@mm2270 I've attached some screen shots of the restricted software.

On the test Mac I selected option on the keyboard: Then Go on the menu bar, selected library, selected application support folder and I see other subfolders here but not the JAMF folder. I have attached a screenshot of this as well.

@NaomiT The Go menu takes you to the user's Library folder, you need to look in the Library folder on the root of the hard drive. Open a Terminal window and type cd /Library/Application Support/JAMF then do an ls -la to list all files in that directory, including invisible ones

In addition, the App Store process name should be App Store.app

@NaomiT I think the issue (actually 2 issues) is that you entered "AppStore.app" instead of just App Store.app. Its not meant that you literally add the double quotes around the name as you have. Second, go back to the Applications folder and look at the App Store name. There's a space between App and Store, which you also omitted. So two issues with how you've entered the process name are preventing it from working.

But outside that, double check the root /Library/Application Support/ folder for the JAMF directory as outlined above by @sdagley and others. I think you're looking in the user level "invisible" Library folder, not the root one. As long as your test Mac is enrolled properly, you'll find the JAMF directory there.

Thank you @cpdecker , @mm2270 , and @sdagley ! I appreciate it. I made the corrections and verified 3 of the apps are blocked now. There is another issue with mail but I'll just re-image it and that should fix the issue.