Block unauthorized applications on Mac by executing custom scripts


An embargo on selective applications is quite common in enterprises. The usage of such applications poses a threat to productivity and security, therefore arises the need for restriction.

Endpoint Central offers several configurations to help you safeguard the Mac machines in your network. This document provides you with steps on preventing the usage of prohibited applications by executing custom script configuration.


  1. Download dcblockexe executable.
  2. Prepare a list of all the applications that you want to block and save this text file under the name dcblockexe.txt.
  3. To add/remove applications from the list, follow the steps given below :
    • Modify the text file, dcblockexe.txt accordingly.
    • Click Configurations tab and under Action column, choose to modify the corresponding configuration.
    • Upload the modified text file as a dependency file.


  1. Navigate to Configurations > Script Repository.
  2. Under Templates, add script to the repository.
  3. Navigate to Configurations > Mac > Custom Script.
  4. Ensure that the additional files are added as dependency files.
  5. If you want the usage of prohibited applications to be blocked round the clock, the frequency should be set as 'During Every Startup' while deploying the configuration. While executing this as a startup script, the applications will be blocked from subsequent startup.

Block unauthorized applications

Note :
  1. Application name can be filled using any one of the below suggested convention: -
    • Application name : Provide the file name devoid of its extension.
    • bundleIdentifier : By providing bundle identifier, you can block an application even when the file name is renamed. Bundle ID uniquely identifies an application in mac machines. Duplication of applications can be overlooked as no two applications can have the same bundle ID. To acquire an application's bundle ID, right click on the application --> Show Package Contents --> Contents --> info.plist --> copy the key value mapped to CFBundleIdentifier.
  2. The application names are case-sensitive and multiple entries should be comma separated values.