Posted on 02-27-2017 07:52 PM
We have a configuration profile define to student laptops that only allows Apps to run from certain folders.
One of these folders is certainly NOT the /User/XXX/Desktop folder.
If we copy an App into this folder it is blocked correctly.
If we have a copy of a game in zip format (or indeed compress an exisiting App from the applications folder) and unzip into the Desktop folder - it runs!
If we copy the App out to another folder it does not run and if we copy it back into Desktop it does not run. Delete the App and Unzip it again - and it runs!
Any ideas as to why the zip / unzip is able to bypass the App restriction in the payload?