Block blacklisted applications by executing custom scripts on Mac machines


An embargo on selective applications is quite common in enterprises. The usage of such applications poses a threat to productivity and security, therefore arises the need for restriction.

Endpoint Central offers several configurations to help you safeguard the Mac machines in your network. This document provides you with steps on preventing the usage of prohibited applications by executing custom script configuration.


  1. Download dcblockexe executable.
  2. Prepare a list of all the applications that you want to block and save this text file under the name dcblockexe.txt.


  1. Navigate to Configurations tab and click on Script Repository.
  2. Under Templates tab, add script to the repository.
  3. Create a custom script configuration under Mac configurations using this script.
  4. Ensure that the prerequisites are met, since execution of the script requires the additional files that need to be added as dependency files.
  5. If you want the usage of prohibited applications to be blocked round the clock, the frequency should be set as 'During Every Startup' while deploying the configuration. While executing this as a startup script, the applications will be blocked from subsequent startup.
Note :
  1. The application should be installed in the system.
  2. The different means of providing the application names would be -
    • Application name : Provide the file name devoid of its extension.
    • bundleIdentifier : By providing bundle identifier, you can block an application even when the file name is renamed. Bundle ID uniquely identifies an application in mac machines. Duplication of applications can be overlooked as no two applications can have the same bundle ID. To acquire an application's bundle ID, right click on the application --> Show Package Contents --> Contents --> info.plist --> copy the key value mapped to CFBundleIdentifier.
  3. While preparing the list for applications to be blocked, it should be comma separated values.
  4. The application names are case-sensitive.
  5. To add/remove applications from the list, follow the steps given below :
    • Modify the text file, dcblockexe.txt accordingly.
    • Click Configurations tab and under Action column, choose to modify the corresponding configuration.
    • Upload the modified text file as a dependency file.

The usage of blacklisted applications has been blocked successfully.