macOS - Software Lifecycle - Manage Third Party Override Options

What the third-party patching override Worklet does

This Automox Worklet™ manages a local override file that controls how Automox patches third-party applications on macOS endpoints. By default, Automox follows predefined patching behavior for each application, such as refusing to patch while the software is running. This Worklet allows you to override those defaults for specific applications by configuring which titles should be force-closed before patching begins.

The Worklet stores application bundle names in the override file located at /Library/Application Support/Automox/.tools/ax_overrides. During evaluation, it compares the current override configuration against the intended configuration. During remediation, it updates the file if necessary and ensures Automox uses your custom patching rules.

Why customize third-party patching behavior

Organizations have unique software requirements. Some applications in your environment may not patch successfully unless they are closed first, even though Automox defaults to blocking patches while they run. Common scenarios include business-critical applications, development tools, or legacy software that requires special handling during updates.

By overriding default patching behavior, you verify that necessary updates complete on endpoints where standard patching would fail. This reduces security exposure from unpatched vulnerabilities and improves overall patch compliance rates across your macOS fleet.

How third-party override configuration works

1. Evaluation phase: The Worklet reads the kill_if_running_titles parameter containing bundle names (for example, com.google.Chrome, com.skype.skype). It generates a new override file based on your specified applications, removes any duplicate entries, and compares this configuration against the existing override file at /Library/Application Support/Automox/.tools/ax_overrides. If the files match, no remediation is needed.

2. Remediation phase: The Worklet replaces the existing override file with the new configuration if the files differ. If the kill_if_running_titles parameter is empty, the override file is cleared and all third-party applications will use Automox default patching behavior.

Third-party override patching requirements

• macOS endpoints with Automox agent version 1.42.22 or later

• Bundle names must match Automox Third-Party Naming Standards exactly (names are case-sensitive)

• Applications must be designated as "App will NOT patch when running" in Automox documentation to benefit from force-close override

• FixNow feature requires Automox agent 1.42.22 or later for real-time patching

• Administrative privileges are required to create and manage the override file

Expected override behavior after configuration

After successful remediation, Automox will force-close any applications listed in the kill_if_running_titles parameter before patching them. This allows patches to complete even when these applications would normally block updates. The override file persists on the endpoint unless you remove all application bundle names from the parameter, which will trigger a revert to default Automox patching behavior.

You can verify the current override configuration by checking the ax_overrides file contents. The Worklet logs which applications will be force-closed during patches, helping you audit your patching policies. To revert override behavior at any time, empty the kill_if_running_titles parameter and run the Worklet again.

How to validate manage third party override options changes

1. Run this Worklet on a pilot macOS endpoint and review evaluation output for manage third party override options.

2. Confirm Automox activity logs show successful completion and exit code 0.

3. Verify endpoint state using checks aligned to evaluation script logic, such as function, else, touch.

4. Validate remediation effects from script operations such as function, rm, trap, then rerun evaluation for compliance.