Restricted Software Issue JSS 9.65

ryflanagan
New Contributor

Hi Guys,

Dont suppose any of you can help.

I have created a new restricted software record in JSS for an application users have installed on our systems called R. I have the process name in the restricted software record as R.app

For this record i have set it to 'kill process' and 'restrict exact process name'. I also have a message to basically say 'the R software isnt allowed'. However when i add a test machine to the scope on the log on i get the block message even though this software isnt installed yet.

Also it is worth noting that with the same process name, if i untick the 'restrict exact process name' it kills the finder process constantly on the mac obviously causing lots of issues. So looks like even with the restrict by exact name it is detecting Finder.app as a conflict?

there are no wild cards in the name at all but from the logs i can see it is denying everything which ends in 'r.app' e.g. calendar.app, quicktime player.app , finder.app etc

has this happened to anyone else and if how have you fixed this issue? Thought i would post here before reporting it to Jamf.

Thanks

2 REPLIES 2

SeanA
Contributor III

Initial thoughts:

If you create a clone of that restricted software record, but restrict "x.app", does that restrict Firefox (or use a different letter and see if it restricts software ending with that letter)?

I think the "kill process" item may not be as discriminate as the "restrict exact process name"; try doing one restriction at a time, making sure you do a jamf manage on the client to make sure it sees the new restrictions.

mm2270
Legendary Contributor III

Before version 9 came along and implemented the "Restrict exact process name" checkbox, I had figured out a workaround that helped stop false positives for applications that may contain a partial name of other applications. A simple example of this was Tor.app that was killing Automator.app since tor.app was part of the name of the latter.

The trick was to add the process name in as (using your R.app as an example)

/R.app

The forward slash before the beginning of the process name would indicate part of the full path to the application. Every app is located within some directory path, even if located at the top of the hard drive, so using the slash prevents a partial match for other applications, since other apps aren't going to have a path delimiter slash in the middle of their name.

I'm not certain that this trick still works now under version 9, but it may. You could try doing this with your R.app, but I believe you might need to actually uncheck the "restrict exact process name" box for it to work.