Block applications by their bundle identifier from launching in the Finder
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


Block applications by their bundle identifier from launching in the Finder


Because the blocking is done by the bundle identifier, the location or name of the application bundle doesn't matter


For true blacklisting of binary execution, look at Google's Santa project:

This script doesn't literally "block" the execution of an application, it gets notified when an application is being launched and sends a SIGKILL signal to the process.

It's a simple method to help administrators stop their users from using applications the organization has decided should not be allowed. If you have a management framework with a similar feature, you should use that instead.

Configure Applications

Add the bundle identifier for each application you wish to block to the list blockedBundleIdentifiers

blockedBundleIdentifiers = ['']

You can use either exact bundle identifiers or a regex pattern.

If you also want to delete the application when it's launched, set deleteBlockedApplication to True

deleteBlockedApplication = True

Configure Alert Message

To disable the alert shown to users, set variable alertUser to False

alertUser = False

To change the text shown in the alert, modify the alertMessage and alertInformativeText variables respectively.

alertMessage = "The application \"{appname}\" has been blocked by IT"
alertInformativeText = "Contact your administrator for more information"

To change the icon shown in the alert, modify the alertIconPath

alertIconPath = "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/Actions.icns"