Ventura whitelist app

kdpk
New Contributor II

Hello , 

Is there any way to block all apps except the chosen ones? 
I saw on Apple developer that whitelisted app were deprecated 
whitelistedAppBundleIDs

[string]
,but solution with allowListedAppBundleIDs didn't work for me. 
In my case I need to push policy to block everything except preinstalled apps and 5 chosen by IT. 

1 ACCEPTED SOLUTION

AJPinto
Honored Contributor II

In my experiences there are no good applications that do this for macOS. Your typical go to's for Windows like Carbon Black, Sentinel One, and CyberArc do not reliably provide App Control on MacOS if they provide it at all.

 

This is a security problem, not a device management problem. I would tell the Security Division in your IT infrastructure that they need to find the solution they want to use to close the finding.

 

JAMF Pro has two options.

  • Application Black Listing (only use this to block what is absolutely needed to be blocked)
  • A configuration Profile to set gatekeeper to only allow AppStore Apps to run (this is easily defeated as apple does not prevent a user from disabling gatekeeper within the MDM framework)

AJPinto_0-1674133820695.png

 

View solution in original post

4 REPLIES 4

AJPinto
Honored Contributor II

In my experiences there are no good applications that do this for macOS. Your typical go to's for Windows like Carbon Black, Sentinel One, and CyberArc do not reliably provide App Control on MacOS if they provide it at all.

 

This is a security problem, not a device management problem. I would tell the Security Division in your IT infrastructure that they need to find the solution they want to use to close the finding.

 

JAMF Pro has two options.

  • Application Black Listing (only use this to block what is absolutely needed to be blocked)
  • A configuration Profile to set gatekeeper to only allow AppStore Apps to run (this is easily defeated as apple does not prevent a user from disabling gatekeeper within the MDM framework)

AJPinto_0-1674133820695.png

 

kdpk
New Contributor II

I use your tips , and set only allow Appstore Apps , then I block Appstore app, it kind of tricky way but works perfect. 

Thanks for advice :D 

AJPinto
Honored Contributor II

woot, I am happy that worked. 

sdagley
Esteemed Contributor II

@kdpk Take a look at Google's Santa project: https://github.com/google/santa  It supports application allow/deny