Custom Rules for macOS
Create Custom Rules to allow or block specific applications in the Application Control policy for Endpoint Security clients on macOS.
- The Custom Rules feature is supported on Endpoint Security client for macOS version E89.30 and later.
- Wildcards are supported on macOS; for details, see Custom Rules for Windows.
A Custom Rule for macOS supports the following fields:
- Application Name
- The application bundle name.
For example, the application name of Chrome is
Google Chrome.app. - Publisher
- This field is not supported on Endpoint Security for macOS.
- Version
-
The application version string.
For example, the version of Chrome is
149.0.7827.201.To find the version of Chrome, run:
$ defaults read /Applications/Google\ Chrome.app/Contents/Info CFBundleShortVersionString 149.0.7827.201 - File Name
-
The name of the executable file inside the application bundle.
For example, the file name of Chrome is
Google Chrome.To find the file name of Chrome, run:
$ ls should be: /Applications/Google Chrome.app/Contents/MacOS/Google Chrome - Issued By
-
The certificate authority that issued the application's code-signing certificate. In the certificate chain returned by
codesign, the second certificate in the list is the issuer (Issued By).For example, the issuer of Chrome is
Developer ID Certification Authority.To view the certificate chain for Chrome, run:
$ codesign -dvv /Applications/Google\ Chrome.app 2>&1 | grep Authority Authority=Developer ID Application: Google LLC (EQHXZ8M8AV) Authority=Developer ID Certification Authority Authority=Apple Root CA - Issued To
-
The subject (leaf certificate) of the application's code-signing certificate. In the certificate chain returned by
codesign, the first certificate in the list is the subject (Issued To).For example, the Issued To value for Chrome is
Developer ID Application: Google LLC (EQHXZ8M8AV).To view the certificate chain for Chrome, run:
$ codesign -dvv /Applications/Google\ Chrome.app 2>&1 | grep Authority Authority=Developer ID Application: Google LLC (EQHXZ8M8AV) Authority=Developer ID Certification Authority Authority=Apple Root CA - Command Line
-
The full path to the application's executable.
For example, the command line of Chrome is:
/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome