Automox Worklet: Uninstalling Applications on macOS

IT administrators often have to uninstall software from the macOS devices they manage. This can be a daunting, time-consuming task, especially if you are managing thousands of devices spread across several subnets in different geographic regions. And if a zero-day vulnerability is being exploited through one of these applications, the speed at which the application is uninstalled could mean the difference between being exploited by an attacker or not.

With Automox Worklets™, we make this task effortless. Remediation within seconds, even across thousands of devices in different locations, is possible from the cloud. Plus, this will provide a single point of visibility for the admin. The worklet example below is designed to evaluate whether an application you specify exists on your macOS devices and, if so, uninstall that application.


To deploy this endpoint hardening worklet, do the following:

  1. Log in to your Automox Console.
  2. Navigate to the System Management page, and click Create Policy in the upper right-hand section of the screen.
  3. Choose macOS under Worklet.

  4. On the Create Worklet page, enter a worklet title in Name under Policy Info. For example, "Uninstall-Apps-macOS."
  5. Copy and paste the Evaluation and Remediation scripts from below. The evaluation code keeps you aware of each device’s ongoing compliance and flags the device for remediation. The remediation code enforces this setting on the schedule you define.

    IMPORTANT NOTE: Change the values as described in the code so that they match your needs.

Evaluation:

#!/bin/bash
#The evaluation piece of this worklet is designed to identify if an application exists on a device.
#Designate the application you wish to remove from the device. The name needs to appear as it does in the Applications folder. Keep the quotes so that names containing spaces work. The example below uses Skype.
#########################
appname="Skype"
#########################
#exit with 1 if application exists on device *non-compliant device*
#exit with 0 if application does not exist on device *device compliant*
if [ -d "/Applications/$appname.app" ]; then
        exit 1
else
        exit 0
fi
 

Remediation:

#!/bin/bash
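#The remediation piece of this worklet is designed to uninstall the application from the device.
#This worklet is designed to uninstall a single application that matches the designated appname. To uninstall all applications whose names contain the appname, place * on either side of the quoted variable in the rm command, outside the quotes. ex usage: /Applications/*"$appname"*.app

#Designate the application you wish to remove from the device. The name needs to appear as it does in the Applications folder and match what you designated in the evaluation code. Keep the quotes so that names containing spaces work. The example below uses Skype.
#########################
appname="Skype"
#########################
#Stop if appname is empty so rm never runs against an unintended path (with the wildcard form an empty name would match every application)
if [ -z "$appname" ]; then
        exit 1
fi
#Remove the application from the device (the path is quoted so names with spaces are handled as one argument)
rm -rf "/Applications/$appname.app" 2> /tmp/uninstallerror.log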
#exit with 0 if uninstall is successful
#exit with 1 if uninstall fails
if [ -s /tmp/uninstallerror.log ]; then
        exit 1
else
        exit 0
fi
 

  6. After you paste and update the evaluation and remediation code for your needs, click Create Worklet.
  7. Assign the worklet to a group or multiple groups, and click Save Changes.
  8. Execute the worklet by clicking the Execute Policy Now button.

You should be all set. If the uninstall fails, you can review the uninstallerror.log file located in /tmp of the device.
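A hardened variant of the remediation logic above, added here as an example and not Automox's published worklet code: it validates the app name before building the path, quotes the path so names with spaces are handled, and decides success from whether the bundle is actually gone rather than from stderr output. `APPS_DIR`, `ERR_LOG`, `valid_appname` and `remove_app` are hypothetical names introduced for this example; the defaults match the paths used on this page.

```shell
#!/bin/bash
# Added example (not the original worklet). APPS_DIR and ERR_LOG are
# hypothetical overrides so the logic can be tried against a scratch
# directory; by default they point at the locations used on this page.
APPS_DIR="${APPS_DIR:-/Applications}"
ERR_LOG="${ERR_LOG:-/tmp/uninstallerror.log}"

# valid_appname NAME -> 0 if NAME is safe to splice into a path.
valid_appname() {
    case "$1" in
        "")   return 1 ;;   # empty: the target would collapse to "$APPS_DIR/.app"
        .*)   return 1 ;;   # ".", ".." or a hidden entry
        */*)  return 1 ;;   # a path separator would escape APPS_DIR
    esac
    return 0
}

# remove_app NAME -> 0 if NAME.app is absent afterwards, 1 otherwise.
remove_app() {
    local name="$1" target
    if ! valid_appname "$name"; then
        echo "rejected app name: '$name'" >> "$ERR_LOG"
        return 1
    fi
    target="$APPS_DIR/$name.app"
    # "--" ends option parsing; the quotes keep "Google Chrome" as one argument.
    rm -rf -- "$target" 2>> "$ERR_LOG"
    # Judge success by the post-condition, not by whether rm wrote to stderr.
    [ ! -e "$target" ]
}

# In the worklet's remediation script the call would be:
#   remove_app "Skype"; exit $?
```

A bundle that cannot be fully removed still exists after `rm` returns, so the final existence check fails and the worklet reports the device as not remediated.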

If you need technical assistance, contact our support team at support@automox.com.

About Automox

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure. 

Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.
