Certain "Unidentified" Developer Tools Blocked

mattmghost
New Contributor II

Hey everyone. So we're finally in the process of getting our fleet upgraded from Monterey to Sonoma and we have certain developer tools we use from Homebrew for our internal code/projects. When the tools are installed, we've got a couple of errors that the tool "was blocked from use because it is not from an identified developer". The tools in question are:

  • heptc
  • libzmq-local.dylib
  • tril

In addition to those being blocked, trying to open Tril triggered another warning that "tril cannot be opened because the developer cannot be verified. macOS cannot verify that this app is free from malware". And then the only options that appear, unless you right-click on the app, are "Move to Trash" and "Cancel". Is there a way to get an identifier from these tools like those ".com" hidden files so I can whitelist them for our users? Like how you can use a configuration profile to verify certain system extensions? Thanks!

2 REPLIES

AJPinto
Honored Contributor III

Apple's documentation is below. The TL;DR is whoever is making these binaries does not have an Apple Developer account and is not submitting for notarization, or the notarization is outdated. So, literally anything could be in those binaries and macOS won't trust it to run. The "fix" is for the developer to sign and notarize the binaries and redistribute.

Apple can’t check app for malicious software - Apple Support

cdev
Contributor III

It is possible programmatically to clear the quarantine flag from the binaries, which would allow them to run, but as @AJPinto mentioned, it opens you up to a security loophole by approving/allowing an app to run that could have malicious code inside. This is an area to tread very carefully: the fine line between enabling your users to run their preferred tools and creating a security vulnerability.
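
An added example, not part of any reply in this thread: a read-only triage script that reports the quarantine attribute and code-signing identity of a blocked binary, so you can see what macOS is judging before changing anything. The function names are hypothetical; it relies only on the stock `xattr` and `codesign` tools and modifies nothing.

```shell
#!/bin/bash
# Added example (read-only triage): report why macOS may distrust a binary.
# Function names are hypothetical; nothing here modifies the file.

# Split a com.apple.quarantine value: "flags;hex_epoch;agent;event_uuid".
parse_quarantine() {
  local flags ts agent uuid
  IFS=';' read -r flags ts agent uuid <<EOF
$1
EOF
  case "$ts" in
    ''|*[!0-9a-fA-F]*) echo "quarantine=malformed"; return 1 ;;
  esac
  printf 'flags=0x%s epoch=%d agent=%s event=%s\n' \
    "$flags" "$((0x$ts))" "${agent:-unknown}" "${uuid:-none}"
}

# Reduce `codesign -dv --verbose=4` output to identifier, team and signature kind.
# "developer-id" says who signed; it does not prove the file was notarized.
signing_summary() {
  printf '%s\n' "$1" | awk -F= '
    $1 == "Identifier"     { id = $2 }
    $1 == "TeamIdentifier" { team = $2 }
    $1 == "Signature" && $2 == "adhoc" { adhoc = 1 }
    $1 == "Authority" && auth == "" { auth = $2 }
    END {
      if (adhoc || team == "" || team == "not set") kind = "adhoc-or-unsigned"
      else if (auth ~ /^Developer ID Application/)  kind = "developer-id"
      else                                          kind = "other-signed"
      printf "kind=%s id=%s team=%s\n", kind, (id == "" ? "-" : id), (team == "" ? "-" : team)
    }'
}

audit_binary() {
  local q
  echo "== $1"
  if q=$(xattr -p com.apple.quarantine "$1" 2>/dev/null); then
    parse_quarantine "$q"
  else
    echo "quarantine=absent"
  fi
  # codesign writes its details to stderr, hence 2>&1.
  signing_summary "$(codesign -dv --verbose=4 "$1" 2>&1)"
}

# Usage: ./audit.sh /path/to/binary ...
for f in "$@"; do audit_binary "$f"; done
```

A result of `kind=adhoc-or-unsigned` means the binary carries no Developer ID team at all, which is the situation the notarization reply describes.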