Strange "cannot check it for malicious software" error

Question

Created Oct ’24

Replies 3

Boosts 0

Participants 2

App is signed, notarized and stapled, I send that dmg file with file transfer tool, it can open correctly on other mac without any warning or error. However, if I send that dmg file through IM to the same mac, it will produces the "cannot check it for malicious software" error. I check the transfered dmg with spctl -a -t open -vvv --context context:primary-signature MyApp.dmg, it show source=Notarized Developer ID; origin=*** How can I resolve this issue?

Answered by DTS Engineer in 809686022

The difference here is probably that one of your transport mechanisms quarantines the item and the other doesn’t.

It’s very likely that you have a Gatekeeper problem. Two things:

To confirm that, use the technique in Testing a Notarised Product.
Once you’ve done that, investigate and resolve the problem using the process described in Resolving Trusted Execution Problems.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Boost

Answer 1

Desus OP

Oct ’24

I check the dmg by calculating md5 checksum, and the checksum result is identical

0

Answer 2

DTS Engineer OP

Apple

Oct ’24

Recommended

The difference here is probably that one of your transport mechanisms quarantines the item and the other doesn’t.

It’s very likely that you have a Gatekeeper problem. Two things:

To confirm that, use the technique in Testing a Notarised Product.
Once you’ve done that, investigate and resolve the problem using the process described in Resolving Trusted Execution Problems.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0

Answer 3

Desus OP

Oct ’24

After running sudo sysctl -w security.mac.amfi.verbose_logging=1, then log stream --predicate "sender == 'AppleMobileFileIntegrity' or sender == 'AppleSystemPolicy' or process == 'amfid' or process == 'taskgated-helper' or process == 'syspolicyd'", I found some entries may relevant:

syspolicyd: [com.apple.syspolicy.exec:default] Code evaluation completed: 1
Adding Gatekeeper denial breadcrumb (open): PST : (vuid: ***), (objid: ***), (team: ***), (id: (null)), (bundle_id: (null))
syspolicyd: (CoreServicesInternal) CFURLCreateBookmarkData
syspolicyd: [com.apple.syspolicy.exec:default] Terminating process due to Gatekeeper rejection : 89905, <private>
kernel: (AppleSystemPolicy) ASP: Security policy would not allow process: 89905, <path to my app>

0