Enforced App Uninstall

What the Enforced App Uninstaller does

This Automox Worklet™ removes a specified application from macOS endpoints and prevents its continued use. The Worklet checks for the presence of the target application in the /Applications folder and removes the entire application bundle when detected.

You configure the target application by setting the appname variable in both the evaluation and remediation scripts. By default, the Worklet is configured to remove Skype, but you can modify this to target any application installed in the standard Applications folder.

Why enforce application removal

Organizations often need to remove software that poses security risks, violates licensing agreements, or conflicts with approved applications. Without automated enforcement, users may reinstall prohibited software, creating ongoing compliance issues.

Running this Worklet on a schedule provides continuous enforcement rather than one-time removal. If a user reinstalls the application or a software installer adds it back, the next policy execution removes it again. This approach maintains compliance without requiring manual IT intervention.

Common use cases include removing end-of-life software with known vulnerabilities, unauthorized communication tools that bypass corporate channels, and trial software that users install without IT approval.

How enforced uninstallation works

1. Evaluation phase: The Worklet checks if /Applications/{appname}.app exists on the endpoint. If the application is present, the evaluation exits with code 1 to trigger remediation. If the application is not found, the endpoint is compliant and no action is needed.

2. Remediation phase: The script executes rm -rf to remove the entire application bundle from /Applications. Any errors are logged to /tmp/uninstallerror.log. If the error log contains content, the script reports failure; otherwise, removal succeeded.

Enforced uninstall requirements

• macOS Catalina (10.15) or later

• Target application installed in /Applications folder

• Configure appname variable in both evaluation.sh and remediation.sh

• Root-level permissions (provided by Automox agent)

Expected state after enforced removal

After successful remediation, the target application no longer exists in the /Applications folder. You can verify successful removal by checking the Applications folder or by searching for the application in Spotlight. Users attempting to launch the application will find it missing. The removal includes the entire .app bundle but does not automatically remove user-level preferences or support files in ~/Library.

To verify the removal, check that /Applications/{appname}.app no longer exists or review the Worklet execution logs. Running the Worklet on a scheduled policy provides ongoing enforcement and reports compliance status for each endpoint in your fleet.

How to validate enforced app uninstall changes

1. Run this Worklet on a pilot macOS endpoint and review evaluation output for enforced app uninstall.

2. Confirm Automox activity logs show successful completion and exit code 0.

3. Verify endpoint state using checks aligned to evaluation script logic, such as exit, else.

4. Validate remediation effects from script operations such as rm, exit, else, then rerun evaluation for compliance.

For technical validation, compare endpoint state to the Worklet evaluation logic and remediation flow for enforced app uninstall. This supports repeatable software lifecycle workflows, faster change control review, and auditable compliance evidence.

Useful script references for this Worklet include evaluation operations such as exit, else and remediation operations such as rm, exit, else. Use these indicators to verify that endpoint changes match intended policy outcomes.