Strange "cannot check it for malicious software" error

App is signed, notarized and stapled, I send that dmg file with file transfer tool, it can open correctly on other mac without any warning or error. However, if I send that dmg file through IM to the same mac, it will produces the "cannot check it for malicious software" error. I check the transfered dmg with spctl -a -t open -vvv --context context:primary-signature MyApp.dmg, it show source=Notarized Developer ID; origin=*** How can I resolve this issue?

Answered by DTS Engineer in 809686022

The difference here is probably that one of your transport mechanisms quarantines the item and the other doesn’t.

It’s very likely that you have a Gatekeeper problem. Two things:

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

I check the dmg by calculating md5 checksum, and the checksum result is identical

The difference here is probably that one of your transport mechanisms quarantines the item and the other doesn’t.

It’s very likely that you have a Gatekeeper problem. Two things:

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

After running sudo sysctl -w security.mac.amfi.verbose_logging=1, then log stream --predicate "sender == 'AppleMobileFileIntegrity' or sender == 'AppleSystemPolicy' or process == 'amfid' or process == 'taskgated-helper' or process == 'syspolicyd'", I found some entries may relevant:

  • syspolicyd: [com.apple.syspolicy.exec:default] Code evaluation completed: 1
  • Adding Gatekeeper denial breadcrumb (open): PST : (vuid: ***), (objid: ***), (team: ***), (id: (null)), (bundle_id: (null))
  • syspolicyd: (CoreServicesInternal) CFURLCreateBookmarkData
  • syspolicyd: [com.apple.syspolicy.exec:default] Terminating process due to Gatekeeper rejection : 89905, <private>
  • kernel: (AppleSystemPolicy) ASP: Security policy would not allow process: 89905, <path to my app>
Strange "cannot check it for malicious software" error
 
 
Q