Hi community. Is there a way to completely block the installation of CLI tools on my managed macOS devices? Specifically, I want to ensure users cannot trigger installations via Terminal commands like git, gcc, or others that prompt the system to download and install developer tools.
104 Views
Replies (3)
Marked SolutionPending Review
Hexnode Expert
4 weeks ago
Marked SolutionPending Review
Hey @gnishilda . The most effective way to block installations via the Terminal would be to blocklist the Terminal app itself. This can be done using Hexnode’s Blocklist/Allowlist policy.
If you need more details on the setup, feel free to reach out.
Best Regards,
Isabel Lora
Hexnode UEM
Marked SolutionPending Review
Participant
4 weeks ago
Marked SolutionPending Review
Thank you @isabel_lora for the response. I’d appreciate it if you could share more details about how to block the Terminal app with Hexnode.
Marked SolutionPending Review
Hexnode Expert
4 weeks ago
Marked SolutionPending Review
Sure @gnishilda . Since most CLI tools installations are triggered via the Terminal, blocking access to it cuts off the main vector. To block the app,
- Login to Hexnode Portal.
- Navigate to Policies > macOS > Blocklist/Allowlist and click Configure.
- Select Blocklist > +Add App.
- Add the Terminal app (com.apple.Terminal) to the blocklist and save the policy to the targeted devices.
After the policy is successfully applied, users will be prevented from launching the Terminal app.
Best Regards,
Isabel Lora
Hexnode UEM
Save
