About using regular expressions (Regex) in EPM macOS access lists

This document explains how to use regular expressions in PCRE2 format to configure criteria in EPM macOS access lists, enabling more flexible and accurate identification of processes and applications.

What are regular expressions (Regex)

Regular expressions, or Regex, are patterns used to match strings of text. In EPM macOS, they allow administrators to create rules that match applications, paths, or arguments more broadly, reducing the need to register multiple similar entries.

PCRE2 standard

EPM macOS supports PCRE2 (Perl Compatible Regular Expressions version 2), a powerful and widely adopted regular expression engine with advanced syntax and features.

Supported fields

Regular expressions in the PCRE2 standard can be applied to the following attributes in access lists:

• Application Name: The name of the application you want to allow or block.
• Bundle Identifier: The unique identifier of the application package.
• Path: The full path in the file system to the application’s executable.
• Developer Identity: The developer or organization that signed the application.
• Executable Name: The name of the executable file; may optionally include arguments to target specific executions.
• Application Category: The category/type of the app (e.g., Productivity, Games, Entertainment).
• Username: The local account under which the application runs.
• Arguments: Command-line parameters required or expected during the app execution.

Example use cases

Best practices

• Use specific Regex patterns to avoid false positives.
• Properly escape special characters like ., *, +, ?, etc.
• Do not wrap the expression in quotes or add extra escape characters like backslashes (\), as the client interprets the pattern directly according to the PCRE2 standard.