Blockling Mac OS
Tonight, Apple released macOS Catalina.
See below on how to block this upgrade with Jamf Pro.
If you want to remove everything associated with the YOUR MAC HAS BEEN BLOCKED scamming pages and messages from your Mac, we recommend that you use a specific anti-malware for Mac machines. Such a program’s main goal is to scan your system in order to eliminate the files with the malicious behaviour plus clean up any other malicious code from. In Safari 12 and 13 here's what you need to do: Go to Preferences. Select the Websites tab. Click on the Pop-up Windows option in the left-hand column. Now you can either make a rule for the website you're currently visiting by clicking on the drop down menu to the right. Then select either Block. Launch the Mail application on your Mac. Click on a message from a sender you'd like to block. While you can prevent some applications, programs or services to accept incoming connections by configuring OS X built-in Firewall (Apple Menu = System Preferences = Firewall tab =Firewall Options = Choose “Block incoming connections”, see the Figure below), to configure outgoing traffic preferences and block outgoing connections on Mac you need to download a third-party application.
Blocking Mac Os Update
Contents
Why block?
As with any new OS release, you might have some required software titles which are not compatible with the new OS & especially some of the more security focused changes.
For example, today Adobe released a KB with some details around issues with Creative Cloud Packages & macOS Catalina, below is an excerpt.
The writing has been on the wall for 32-bit apps since 10.13.4, & at WWDC this year it was mentioned that Catalina would not support 32-bit apps.
So, you might need to block Catalina whilst some of these needed software titles are updated.
But we deferred?
Deferral only works for updates, not upgrades.
So, 10.14.x updates. Not the macOS 10.15 upgrade.
Enter Restricted Software
Restricted Software can be used here as one method to block folks from installing macOS Catalina.
Admittedly, there are methods to subvert this. But they are better discussed elsewhere.
To block macOS Catalina via Restricted Software, see the below:
You can tweak these options as per your requirements, but the above should be the bare minimum. The scope & message etc should all be set as per your organisational needs.
I will advise not to check “Delete Application” as from previous experience, Apple will push the install.app, if deleted.
Also, wildcards might not work currently as their appears to be a Jamf Pro PI around them at the moment.
There is no step 2!
Actually there is, the Restricted Software setting will only apply to devices within scope one their Management Framework has refreshed.
Blocking Mac Os Catalina
This happens periodically on macOS devices, but you can force this via the below when ran as sudo:
The above is handy for running locally when testing the Restricted Software setting, & once happy you can wait for the clients to perform their periodic Management Framework or push a policy that runs the above once per computer on your check-in interval.
So, there is no step 3? Right?
There is an optional step, as per:
With more steps:
When ready to release Catalina, you can then revert this via:
Is that it?
Well, not really.
As mentioned, there are ways that folks can circumvent the Restricted Software setting. (But come to the MacAdmins Slack to ask about that).
Let alone methods outside of the booted OS, so you might want to look at setting a firmware password too.