Custom Rules for macOS

Create Custom Rules to allow or block specific applications in the Application Control policy for Endpoint Security clients on macOS.

Note:
  • The Custom Rules feature is supported on Endpoint Security client for macOS version E89.30 and later.
  • Wildcards are supported on macOS; for details, see Custom Rules for Windows.

A Custom Rule for macOS supports the following fields:

Application Name
The application bundle name.

For example, the application name of Chrome is Google Chrome.app.

Publisher
This field is not supported on Endpoint Security for macOS.
Version

The application version string.

For example, the version of Chrome is 149.0.7827.201.

To find the version of Chrome, run:

$ defaults read /Applications/Google\ Chrome.app/Contents/Info CFBundleShortVersionString 149.0.7827.201
File Name

The name of the executable file inside the application bundle.

For example, the file name of Chrome is Google Chrome.

To find the file name of Chrome, run:

$ ls should be: /Applications/Google Chrome.app/Contents/MacOS/Google Chrome
Issued By

The certificate authority that issued the application's code-signing certificate. In the certificate chain returned by codesign, the second certificate in the list is the issuer (Issued By).

For example, the issuer of Chrome is Developer ID Certification Authority.

To view the certificate chain for Chrome, run:

$ codesign -dvv /Applications/Google\ Chrome.app 2>&1 | grep Authority
                        Authority=Developer ID Application: Google LLC (EQHXZ8M8AV)
                        Authority=Developer ID Certification Authority
                        Authority=Apple Root CA
Issued To

The subject (leaf certificate) of the application's code-signing certificate. In the certificate chain returned by codesign, the first certificate in the list is the subject (Issued To).

For example, the Issued To value for Chrome is Developer ID Application: Google LLC (EQHXZ8M8AV).

To view the certificate chain for Chrome, run:

$ codesign -dvv /Applications/Google\ Chrome.app 2>&1 | grep Authority
                        Authority=Developer ID Application: Google LLC (EQHXZ8M8AV)
                        Authority=Developer ID Certification Authority
                        Authority=Apple Root CA
Command Line

The full path to the application's executable.

For example, the command line of Chrome is:

/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome