Skip to main content
How to block an application (macOS)
Updated over a week ago

Swif provides an Application Block Policy to block App installations and updates or OS updates. This policy is important for your ISO 27001 audit.
โ€‹

For example, to block a macOS update (Settings -> Software Update page) on a macOS 12 machine, you can give a Signing ID value: platform:com.apple.preferences.softwareupdate.remoteservice.

To block a macOS update (Settings -> Software Update page) on a macOS 13 or 14 machine, you can give a signing ID value: platform:com.apple.Software-Update-Settings.extension.

Signing ID is a combination of team identifier and package identifier. You can find a team ID by querying:

$ codesign -dvvv /System/Library/ExtensionKit/Extensions/SoftwareUpdateSettingsExtension.appex

If the response is Team Identifier=not set, you can use the keyword "platform" as the team ID.
For the package identifier, you can query by

$ mdls /System/Library/ExtensionKit/Extensions/SoftwareUpdateSettingsExtension.appex | grep kMDItemCFBundleIdentifier

kMDItemCFBundleIdentifier = "com.apple.Software-Update-Settings.extension"

Additionally, you can also block by application names, eg. Adobe.

It will partially match the application name. When you try to open Acrobat Reader, you will receive a message like this:

Did this answer your question?