Help

Simple Gatekeeper question

Go to solution
rdeleon
New Contributor III

Posted on ‎07-13-2023 08:12 AM

Hello everyone,

Hope everyone is having a good week.

I have a simple question to ask. I'm trying to install an application called Gytpol on a Mac and I'm getting this error. (See screenshot 1) - When I click on: "Open Anyway" the same error still appears. I checked the GateKeeper settings and the options needed to bypass this error have been enabled - (See screenshot 2). I was wondering if there's another setting that I need in order to get this processed? Obviously, I don't want to bypass Gatekeeper with the spctl --MASTER-DISABLE command and disable GK since this install is going to be added onto other users. 

Thanks team.

When I click: "Open Anyway" The same error pops-up againWhen I click: "Open Anyway" The same error pops-up againThese are the settings that are currently enabled.These are the settings that are currently enabled.

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
mm2270
Legendary Contributor III

Posted on ‎07-13-2023 12:11 PM

As I can see you downloaded the pkg from the internet, I would check the quarantine flag on the file. It may be set and preventing Gatekeeper from scanning the package. I've seen that happen before, and the message you get is a little confusing.

Try running this against the downloaded app

xattr -dr com.apple.quarantine /path/to/gytpol-client-1.0.1.1-13_amd64.pkg

You may or may not need to use sudo in front of the command, not really sure. It depends on the ownership and permissions on it and which account you run this command under. The above will attempt to remove the Apple quarantine flag on it. Do that and then try installing it again.

View solution in original post

0 Kudos
5 REPLIES 5

Go to solution
jamf-42
Valued Contributor II

Posted on ‎07-13-2023 08:28 AM

Have a dig about with, might tell you more https://www.mothersruin.com/software/SuspiciousPackage/ 

Go to solution
mm2270
Legendary Contributor III
In response to jamf-42

Posted on ‎07-13-2023 12:15 PM

Kudos to downloading and using Suspicious Package. Even if it only turns out to be the quarantine flag causing the issue, Suspicious Package is an awesome piece of software that I use a lot myself. It tells you so much about a package before you ever install it, like what it installs and where, what scripts it runs and their entire contents, whether it's notarized and/or developer signed and a lot more. Great and handy program to have around for sure!

0 Kudos

Go to solution
mm2270
Legendary Contributor III

Posted on ‎07-13-2023 12:11 PM

As I can see you downloaded the pkg from the internet, I would check the quarantine flag on the file. It may be set and preventing Gatekeeper from scanning the package. I've seen that happen before, and the message you get is a little confusing.

Try running this against the downloaded app

xattr -dr com.apple.quarantine /path/to/gytpol-client-1.0.1.1-13_amd64.pkg

You may or may not need to use sudo in front of the command, not really sure. It depends on the ownership and permissions on it and which account you run this command under. The above will attempt to remove the Apple quarantine flag on it. Do that and then try installing it again.

0 Kudos

Go to solution
rdeleon
New Contributor III

Posted on ‎07-13-2023 02:07 PM

Hey guys, I just wanted to add that we got this application from a vendor so it is a legitimate program that was approved by our Cyber team. We ran the command that @mm2270 provided and that worked. However, is this something more toward the application developer that this issue needs to be looked at or is there a way to disable the quarantine flag so this application can open freely without the use of commands or disabling Gatekeeper?

0 Kudos

Go to solution
mm2270
Legendary Contributor III
In response to rdeleon

Posted on ‎07-13-2023 04:08 PM

You can't permanently disable the quarantine flag on downloaded files as it's something that comes from programs like Safari and other browsers. I suppose potentially if you downloaded it from a Windows machine and transferred it to a Mac, it might not have that flag set, but I've never tried that. The best thing to do is keep that xattr command handy and run it against downloads as needed.

That said, I don't run into it too often, so it might have something to do with the originating site. For example, when I download any Microsoft installer packages from https://macadmins.software I never have an issue with those. But I've seen it from some others.

You might also want to look at this other recent discussion, as it seems Apple added some additional flags starting in macOS Ventura to downloads that can cause similar issues, that they failed to document thoroughly. This is my shocked face (-_-)
https://community.jamf.com/t5/jamf-pro/packaging-drag-amp-drop-apps-with-composer-broken-on-ventura/...