XFENCE not denying access to a file

I created the below rule

Deny any /Library/Application Support/JAMF/ManagementFrameworkScripts/StartupScript.sh rwc

but then I can

cat /Library/Application Support/JAMF/ManagementFrameworkScripts/StartupScript.sh

 and get the file contents. vim can also edit and save the file.


XFENCE seems to be working on other paths, so why not this one? Also I can confirm I have no rules specifically permitting this path and no rule specifically permitting cat and vim to access any files although I'd hope a deny takes precedence.

This discussion has been closed.