How to block an application (macOS)
Updated this week

Swif provides an Application Block Policy to block App installations and updates or OS updates. This policy is important for your ISO 27001 audit.
โ€‹

For example, to block a macOS update (Settings -> Software Update page) on a macOS 12 machine, you can give a Signing ID value: platform:com.apple.preferences.softwareupdate.remoteservice.

To block a macOS update (Settings -> Software Update page) on a macOS 13 or 14 machine, you can give a signing ID value: platform:com.apple.Software-Update-Settings.extension.

Signing ID is a combination of team identifier and package identifier. You can find a team ID by querying:

$ codesign -dvvv /System/Library/ExtensionKit/Extensions/SoftwareUpdateSettingsExtension.appex

If the response is Team Identifier=not set, you can use the keyword "platform" as the team ID.
For the package identifier, you can query by

$ mdls /System/Library/ExtensionKit/Extensions/SoftwareUpdateSettingsExtension.appex | grep kMDItemCFBundleIdentifier

kMDItemCFBundleIdentifier = "com.apple.Software-Update-Settings.extension"

Additionally, you can also block by application names, eg. Adobe.

It will partially match the application name. When you try to open Acrobat Reader, you will receive a message like this:

Did this answer your question?