Worklet: Uninstalling Applications on MacOS

Hey Y’all!

IT Admins often find themselves having to uninstall certain softwares off their macOS devices they manage. This can be a very daunting, time consuming task, especially if you are managing 1000’s of devices that span across several different subnets in different geographic locations. Also, if zero-day vulnerabilities are found to be exploited through one of these applications the speed at which they are uninstalled could mean the difference between you being exploited by an attacker or not.

With Automox Worklets we make this task effortless, and remediated within seconds, even across 1000’s of devices in different locations all in the cloud from a single pane of glass. The Worklet example below is designed to evaluate if an applications you specify exists on you macOS devices and uninstall them.

Evaluation:

#!/bin/bash


#The evaluation piece of this worklet is designed to identifying if an application exists on a device.   





#Designate the application you wish to remove from the device.  Name needs to appear as it does in the Applications folder.  The below example is using Skype


#########################


appname=Skype


#########################





#exit with 1 if application exists on device "non-compliant device*


#exit with 0 if application does not exist on device *device compliant*


if / -d "/Applications/$appname.app" ]; then


        exit 1


else


        exit 0


fi

Remediation:

#!/bin/bash


#The remediation piece of this worklet is designed to uninstall the application from the device 





#This worklet is designed to uninstall a single application that contains the designated appname.  To uninstall all applications that contains the appname wrap the $appname.app in the rm command with *.  ex usage: *$appname*.app


  


#Designate the application you wish to remove from the device.  Name needs to appear as it does in the Applications folder and match what you designated in the evaluation code.  The below example is using Skype


#########################


appname=Skype


#########################





#Remove the applicatiomn from the device


rm -rf /Applications/$appname.app 2> /tmp/uninstallerror.log





#exit with 0 if uninstall is successful


#exit with 1 if uninstall fails


if / -s /tmp/uninstallerror.log ]; then


        exit 1


else


        exit 0


fi

If the uninstall fails you can review the uninstallerror.log file located in /tmp of the device

Feel free to reach out to me if you have any issues!

Page 1 / 1

Apps are known to leave extra data behind either in /Library/Application Support or potentially in $HOME. There is a tool designed for removing an application completely called appcleaner that might be a good enhancement to this; however it does require an external dependency.

Looks like it’s at least a free app, so we could use a worklet to both install it and run it for application removal cleanup. The instructions say drag and drop your apps into the appcleaner window, but hopefully there’s a command line as well that we could call.

This line looks pretty risky:

rm -rf /Applications/*$appname*.app 2> /tmp/uninstallerror.log

For example, say you want to remove some app called Photo.app. The way this is structured, this would also remove Photo Booths, Photos.app, and any other app containing the subtring Photo.

A safer alternative would be to reference the exact app name to ensure that only the app that is intended to be targeted gets removed.

@zach good point. I did include that in the comments that this will remove any app that references the app name and to remove the ** to pinpoint an exact application. I can flip it around to make it safer for users.

OK, changes made. This should make it much less risky

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded