In recent years, Apple has steadily expanded integrated malware protection into macOS. In addition to Gatekeeper, which warns against and can block apps from unknown sources, Mac operating systems now also have built-in virus protection with XProtect and XProtect Remediator (see ) in macOS Ventura, which will be released in a few weeks, the California-based company continues to follow this path and strengthen Gatekeeper’s functionality. This can have consequences for applications that do not come from the App Store.
Apps must be signed and notarized
Gatekeeper included in macOS has so far checked for the first time that a call to an app downloaded from the Internet has been correctly signed and notarized by Apple. If a serious problem is found, the gatekeeper blocks the application. This is the case, for example, if the app does not come from a verified developer. To be able to run such a program, you must explicitly allow it in the system settings under “Security & Privacy”. Another warning will appear the next time you open it; If confirmed, the app behaves like a notarized application and can be run in the future without security warnings.
In the future, Gatekeeper will check apps every time they start
Basically, the gatekeeper in macOS Ventura works the same way as in previous versions of the Mac operating system since Mac OS Catalina. However, according to the well-known developer, the gatekeeper investigates Howard Oakley In the new version, downloaded apps are no longer started only the first time, but every time they are called. This is how Apple significantly increases security, as each change to the program in the meantime always brings new warning messages. Such modifications can be done by malware, but an update downloaded and installed by the app may be enough to trigger a blockade. The same applies if the user has changed an application or if it has been damaged.
Possible to block after in-app update
Programs that use the old fashioned way for in-app updates are especially susceptible to being blocked by gatekeepers. In this case, it could lead to an inconsistency in signature or notarization between the previous and updated version, which calls Apple’s malware protection into action. This can usually be remedied by deleting the affected app and reinstalling the current version. This procedure is also recommended for damaged or user-modified applications. According to Oakley, under no circumstances should you attempt to remove the quarantine flags set by macOS or extended file attributes using Terminal commands. Disabling Gatekeeper, which some websites recommend as a workaround, can also be dangerous because it defeats the system’s first line of defense.