Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-04-21 13:37:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 91
fleet/it-and-security/lib/macos/reports
History
kilo-code-bot[bot] c2f4c9638b
Remove WhatsApp block rule and deploy Santa profiles to all Workstations Macs (#42285) 
## Summary

- **Removed the WhatsApp block rule** from the Santa rules configuration
profile (`santa-rules.mobileconfig`). The rule blocked WhatsApp.app via
a CDHASH identifier (`54a8ec11bcea48a276b1fdce556a29108ba77de4`) and is
no longer needed.
- **Expanded Santa profile deployment to all macOS hosts** on the
Workstations team. Both `santa-configuration.mobileconfig` and
`santa-rules.mobileconfig` were previously scoped only to the `"Santa
test devices"` label (4 specific Macs). Removed the `labels_include_any`
restriction so these profiles now install on all Macs in the
Workstations team.
- **Deleted the "Santa test devices" label entirely.** Removed the label
definition file (`santa-test-devices.yml`), its reference in
`default.yml`, and all remaining `labels_include_any` references to it
from the Santa software entry, install-santa-extension policy, and
collect-santa-denied-logs report.

## Changes

###
`it-and-security/lib/macos/configuration-profiles/santa-rules.mobileconfig`
- Removed the `BLOCKLIST` / `CDHASH` rule entry for WhatsApp.app
(identifier `54a8ec11bcea48a276b1fdce556a29108ba77de4`)
- The allowlist for North Pole Security (Team ID) and the test block
rule for BundleExample.app remain unchanged

### `it-and-security/fleets/workstations.yml`
- Removed `labels_include_any: ["Santa test devices"]` from the
`santa-configuration.mobileconfig` and `santa-rules.mobileconfig`
profile entries
- Removed `labels_include_any: ["Santa test devices"]` from the Santa
software entry
- All Santa-related profiles and software now apply to all macOS hosts
on the Workstations team

### `it-and-security/lib/all/labels/santa-test-devices.yml` (deleted)
- Removed the manual label definition for "Santa test devices"
(previously scoped to 4 specific Macs)

### `it-and-security/default.yml`
- Removed the label path reference to `santa-test-devices.yml`

### `it-and-security/lib/macos/policies/install-santa-extension.yml`
- Removed `labels_include_any: ["Santa test devices"]` so the policy
applies to all macOS hosts

### `it-and-security/lib/macos/reports/collect-santa-denied-logs.yml`
- Removed `labels_include_any: ["Santa test devices"]` so the report
applies to all macOS hosts

---

Built for [Allen
Houchins](https://fleetdm.slack.com/archives/D0AFASNBZMW/p1774320804143629?thread_ts=1774320368.198119&cid=D0AFASNBZMW)
by [Kilo for Slack](https://kilo.ai/features/slack-integration)

---------

Co-authored-by: kiloconnect[bot] <240665456+kiloconnect[bot]@users.noreply.github.com>
2026-03-23 22:09:18 -05:00
..
collect-macos-27-incompatible-apps.yml Update macOS 27 incompatible apps report (#42217) 2026-03-21 21:30:49 -05:00
collect-macos-compatibility-data.yml Migrating teams to fleets and queries to reports (#40726) 2026-03-09 17:45:55 -05:00
collect-santa-denied-logs.yml Remove WhatsApp block rule and deploy Santa profiles to all Workstations Macs (#42285) 2026-03-23 22:09:18 -05:00
collect-xprotect-reports.yml Migrating teams to fleets and queries to reports (#40726) 2026-03-09 17:45:55 -05:00
detect-apns-certificate.yml Migrating teams to fleets and queries to reports (#40726) 2026-03-09 17:45:55 -05:00
detect-apple-intelligence.yml Migrating teams to fleets and queries to reports (#40726) 2026-03-09 17:45:55 -05:00