Can we avoid/handle uninstallation of system extension while drag the container app to the trash.

Question

Created Apr ’22

Replies 6

Boosts 0

Participants 3

If I install an app that includes a system extension I've noticed that when I remove this app the system extension getting uninstall.

As part of our feature(Tamper protection) while we drag the container app to the trash. we shouldn't allow this app deletion and system extension Should be activate and Enabled.

Here we are able to Restrict the app deletion successfully but system extension is getting inactive and terminated.

So is there any way to avoid/handle uninstallation of system extension while drag the container app to the trash.

Boost

Answer 1

DTS Engineer OP

Apple

Apr ’22

Here we are able to Restrict the app deletion successfully

How are you restricting that?

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0

Answer 2

NagendraBabu OP

Apr ’22

We are restricting app deletion while we met certain conditions not always.we are doing this By providing protection(denying permission to delete files inside that directory on certain conditions) to that specific app folder in applications directory.

0

Answer 3

DTS Engineer OP

Apple

Apr ’22

we capture the delete event with apple end point security

Ah, right. I’m not surprise that this isn’t handling an embedded sysex properly. The system does the sysex check before it deletes the app, obviously, and at that time it can’t tell that the deletion will fail in the future.

The standard way to restrict app deleting is using a configuration profile, and I would expect that to do the right thing when it comes to a sysex embedded in the app. Have you tried that approach?

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0

Answer 4

NagendraBabu OP

Apr ’22

I have tried this approach.As per Configuration-Profile-Reference.pdf allowAppRemoval key which disables removal of apps will be under restrictions payload .But I was unable to find allowAppRemoval key in restrictions payload on Jamf Pro dashboard.This option was available only for IOS devices or for both MacOs & IOS. If it was available for MacOs also Could you please point me to where we can find that or share any reference Document to do this if has.

I’m using Jamf pro version 10.37.2 and MacOS Big Sur and after.

0

Answer 5

DTS Engineer OP

Apple

Apr ’22

But I was unable to find allowAppRemoval key in restrictions payload on Jamf Pro dashboard.

I can’t help you with third-party management tools.

MDM products are layered on top of Apple infrastructure documented under Device Management. allowAppRemoval is part of the Restrictions (com.apple.applicationaccess). The payload itself is listed as being supported on macOS 10.7 and later, but that property is labelled as “Available in iOS 4.2.1 and later.” I don’t know whether that means it’s not supported on macOS at all.

Keep in mind that the Restrictions payload isn’t the only way to prevent app removal. MDM supports the concept of managed apps, installed via the install application command. Managed apps support attributes, and one of those attributes is Removable, which prevents the app from being removed.

If you have questions about this stuff, you can start a new thread here on DevForums with the Device Management or talk to Apple Support (configuration profiles and MDM fall under their purview, not DTS).

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0

Answer 6

Ozerianskyy_coro OP

Mar ’23

Hi, did you manage how to solve this problem?

0