Prohibited Applications Preference Keys

Domain
com.jamf.compliancereporter
The ProhibitedApps preference key in Compliance Reporter is used to prohibit specified applications from running on computers. This preference key is useful in the following situations:
  • Providing an anti-tamper control that restricts access to Compliance Reporter and device management tool binaries.

  • Preventing users from running administrative or otherwise powerful applications on computers.

  • Blocking common unwanted software from running on computers.

Important:

Do not use this feature as an anti-virus control.

Some LaunchDaemons are exempt from prohibited application blocking. The exemption lets device management tools access all applications on a device while still preventing end users from accessing those same applications. LaunchDaemons are exempt when they originate the execution request, are not impersonating another user, and may not show a graphical element to the user. In addition, the audit_id and effective_user_id must be zero.

Key / Description
ProhibitedApps

Dictionary that contains a list of apps you want to block.

<key>ProhibitedApps</key>
<dict></dict>
PAExecutableNames

The executable name of the app you want to block.

<key>PAExecutableNames</key>
<array>
  <string>fdesetup</string>
</array>
PASigningIdentifiers

The signing identifiers of the app you want to block.

<key>PASigningIdentifiers</key>
<array>
  <string>com.apple.fdesetup</string>
  <string>com.apple.screencapture</string>
  <string>com.apple.systemsetup</string>
  <string>com.apple.sysctl</string>
  <string>com.apple.dscl</string>
  <string>com.jamfsoftware.jamf</string>
  <string>com.jamf.compliancereporter</string>
</array>
PATeamIdentifiers

The team identifier of the app you want to block.

<key>PATeamIdentifiers</key>
<array>
  <string>BD3YL53XT4</string>
</array>
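
A pre-deployment check for a ProhibitedApps payload, as an added example that is not part of the original page or of Jamf's tooling. It assumes the three PA* arrays nest inside the ProhibitedApps dictionary, that a value containing "/" is a mistake for PAExecutableNames (based on the page's `fdesetup` example), and that team identifiers are 10 uppercase alphanumeric characters; the function name and the sample plist are constructed for illustration.

```python
import plistlib
import re

# Keys documented on this page; nesting them under ProhibitedApps is an assumption.
KNOWN_KEYS = {"PAExecutableNames", "PASigningIdentifiers", "PATeamIdentifiers"}
TEAM_ID_RE = re.compile(r"[A-Z0-9]{10}")  # assumed team ID shape, e.g. BD3YL53XT4

# Constructed sample: values from this page plus three deliberate mistakes
# (a path instead of a name, a misspelled key, a malformed team ID).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>ProhibitedApps</key>
  <dict>
    <key>PAExecutableNames</key>
    <array><string>fdesetup</string><string>/usr/bin/dscl</string></array>
    <key>PASigningIdentifiers</key>
    <array><string>com.apple.fdesetup</string></array>
    <key>PATeamIdentifier</key>
    <array><string>BD3YL53XT4</string></array>
    <key>PATeamIdentifiers</key>
    <array><string>bd3yl53xt</string></array>
  </dict>
</dict>
</plist>"""


def lint_prohibited_apps(plist_bytes):
    """Return a list of problems found in the payload; empty means clean."""
    apps = plistlib.loads(plist_bytes).get("ProhibitedApps")
    if not isinstance(apps, dict):
        return ["ProhibitedApps is missing or is not a dictionary"]
    problems = []
    for key, values in apps.items():
        if key not in KNOWN_KEYS:
            problems.append(f"{key}: not a documented ProhibitedApps key")
            continue
        if not isinstance(values, list) or not all(
                isinstance(v, str) and v for v in values):
            problems.append(f"{key}: must be an array of non-empty strings")
            continue
        for v in values:
            if key == "PAExecutableNames" and "/" in v:
                problems.append(f"{key}: '{v}' is a path, not an executable name")
            if key == "PATeamIdentifiers" and not TEAM_ID_RE.fullmatch(v):
                problems.append(f"{key}: '{v}' is not a 10-character team ID")
    return problems
```

A misspelled key or malformed identifier would otherwise leave the intended application unblocked without any visible error, so running a check like this before distributing the profile catches the gap early.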