Addigy provides its partners with a unique ability to prepare for major macOS upgrades carefully. In our Public Software catalog, we publish items designed to block and suppress upgrades to new major versions of macOS. These upgrade blockers can serve as an important tool to give you the time you need to vet major macOS upgrades before your users apply them.
The Addigy Public Software Catalog provides install blockers from macOS 10.15 to macOS 14.
Before continuing
- Use only the most up-to-date versions of the Block Install macOS app. Addigy will remove previous versions of the Block Install macOS app after 30 days of the newer release.
- The blocker is only capable of blocking upgrades initiated by the ".app" installers from Apple. If the upgrade is initiated outside of this .app, it will not block it.
- The current version of the pblock utility is v12. If different versions of the pblock utility are attempting to be installed, there can be installation errors.
- Also see How to Defer System Updates/Upgrades via Addigy. It is necessary to take into account MDM when blocking System Updates.
- Public Library entries will be versioned as (releaseCount.pblockVersion) starting with Block Install macOS Sonoma (1.12).
Blocking Major OS Upgrades
The most recent version of these upgrade blockers is titled Block Install macOS Sonoma (version) and includes the following features.
- Addigy's proprietary utility prevents the Install macOS Sonoma.app from running by removing the app's ability to execute at any level.
- When the install app is attempted to be executed, the end user will be met with the native macOS warning that the app can’t be opened. No ticket or email alert will trigger in this event.
- In the case where the file permissions are granted and the app is opened simultaneously, the process of the install app is killed, a badge notification is presented to the user to explain the occurrence, and an email or ticket is sent to the Addigy partner according to their ticketing integrations or support email settings.
- Any Install macOS Ventura.app or Beta app found on the device will be removed when the software runs as part of the policy, about every thirty minutes.
- If able to, Badge notifications from Apple that prompt the user to upgrade will be suppressed.
- If able to, Automatic download of macOS updates will be disabled.
- If able to, Automatic install of macOS updates will be disabled (except for critical updates).
Adding the Blocker to Your Policies
When you're ready to begin blocking a major OS upgrade, head over to the Public Library in Catalog > Software. Then, search "Block Install macOS."
Click the three dots, and select Assignments. You can choose any/all Policies where you'd like to enforce the blocker.
Removing the Blocker
When the removal script is run, a command to reset all file execute permissions that were stripped will be re-assigned to all files listed in the ‘names.txt’ referenced in the Public Software.
When a blocker is removed from a policy, it may take up to thirty minutes for the device to remove all the pieces of the blocker. To speed up the process, we recommend going to the Policies page and selecting Deploy Now from the menu under the Actions column to force the policy to run immediately. When the blocker is removed, any lingering settings applied to macOS updates will not be reverted.
If you have removed the blocker and you have verified the update is still being blocked, please run the below script to verify if the pblock is active:
#!/bin/bash
runningBlocker=$(ps aux | grep -v grep | grep pblock | awk -F '-f' '{print $2}' | awk -F '-' '{print $2}')
if [[ $runningBlocker == "" ]]; then
echo "No Blocker Installed"
else
echo $runningBlocker
fi
If the script states there is a version of that blocker still running, you will want to run the removal script of the blocker. To note, the removal script should run automatically once the item is removed from the Policy, but if it for any reason it did not, you will need to run it manually.
The removal script can be retrieved by navigating to the item in the Public Library catalog and choosing "View details..." in the actions menu. Then, a window will pop-up with a few things - you will want to expand the "Remove Script" box.
Once you have copied this, create a saved script and run it on the affected device(s).