Management of System Applications

Privilege Management for Mac examines each application and, if there is an application bundle where the application is associated with a Privilege Management Allow rule and Install Action match of Yes, the user can right-click the application and select Install with Privilege Management. This will install the bundle in the /Applications folder on the endpoint.

Similarly, if there is an application bundle where the application is associated with a Privilege Management Allow rule and Delete Action match of Yes, the user can right-click the application and select Uninstall with Privilege Management. This will uninstall the bundle in the /Applications folder on the endpoint.

If the applications do not have a Privilege Management Allow rule with an Install Action match or Delete Action match of Yes, the management of the bundle defaults to normal macOS functionality where admin credentials are required to manage the bundle in the /Applications folder. Standard macOS functionality is used if anything other than an Allow rule with an Install Action match or Delete Action match of Yes is associated with the application bundle, such as Block or Passive.

You cannot use File Hash matching criteria to install or uninstall unsigned bundles.

Per system functionality, applications that are running or protected by System Integrity Protection (SIP) cannot be uninstalled.

For more information, please see the following:

Manage the Privilege Management Finder Extension

To use Install with Privilege Management and Uninstall with Privilege Management menu functionality to manage the System Applications folder, the Privilege Management Finder Extension must be enabled under System Preferences > Extensions > Finder Extensions.