1 ACCEPTED SOLUTION
In my experiences there are no good applications that do this for macOS. Your typical go to's for Windows like Carbon Black, Sentinel One, and CyberArc do not reliably provide App Control on MacOS if they provide it at all.
This is a security problem, not a device management problem. I would tell the Security Division in your IT infrastructure that they need to find the solution they want to use to close the finding.
JAMF Pro has two options.
- Application Black Listing (only use this to block what is absolutely needed to be blocked)
- A configuration Profile to set gatekeeper to only allow AppStore Apps to run (this is easily defeated as apple does not prevent a user from disabling gatekeeper within the MDM framework)
In my experiences there are no good applications that do this for macOS. Your typical go to's for Windows like Carbon Black, Sentinel One, and CyberArc do not reliably provide App Control on MacOS if they provide it at all.
This is a security problem, not a device management problem. I would tell the Security Division in your IT infrastructure that they need to find the solution they want to use to close the finding.
JAMF Pro has two options.
- Application Black Listing (only use this to block what is absolutely needed to be blocked)
- A configuration Profile to set gatekeeper to only allow AppStore Apps to run (this is easily defeated as apple does not prevent a user from disabling gatekeeper within the MDM framework)
