cmdReporter Wiki

Open navigation

Block Prohibited Applications from Running

Intended Use Cases

  1. Anti-tamper system intended to restrict access to cmdReporter and device management tool binaries.
  2. Prevent users from running administrative or otherwise powerful applications on the device.
  3. Blocking common unwanted software from running on devices. 
    • An example would be blocking Box from running when the organization uses Google Drive.
  4. While possible, we do not recommend using this feature as an anti-virus control

Why some LaunchDaemons are exempted

Exempting LaunchDaemons with certain properties allows device management tools access to all applications on a device while still preventing end users access to those same applications.

Conditions when LaunchDaemons are exempt

LaunchDaemons are exempt from prohibited application blocking when they originate the execution request, are not impersonating another user, and may not show a graphical element to the user.

In technical terms all of the following must be true:

  • an audit_id of 0
  • an effective_user_id of 0

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.