Sharing & Permissions has two “everyone” entries, only for applications by Apple

macos sharing applications permission

Solution 1:

This is a normal behavior of the Sharing & Permissions Info window in macOS systems protected by SIP.

The three latter are the POSIX permissions:

rwxr-xr-x@  3 root      wheel  restricted   102 Jul 22  2017 Activity Monitor.app
    com.apple.rootless

rwx read/write(/traverse(execute)) for the user root/system
   r-x read(/traverse(execute)) for the group wheel
      r-x read(/traverse(execute)) for everyone

The first entry (everyone > Custom) is a result of the restricted flag/com.apple.rootless attribute and can be interpreted as an ACL: group:everyone deny delete and the ACL can't be modified!

An (older) list of all restricted/SIP protected files and folder can be found here: System Integrity Protection – Adding another layer to Apple’s security model

Related

How to launch Steam games from Spotlight?
How can I prevent my Apple ID account from being recovered using a trusted phone number?
Identify a partition from script
can't find "WhatsApp Web" on my iPhone
Switch AirPods from macOS to iOS 11
Website hosted on Mac taking too long to load on the first access
Magic Mouse arrow briefly gets stuck at random places on screen
Does the iPhone X use facial recognition hardware?
Optimal way to clean Lightning port?
How do i transfer apps from one iPhone to another
Safari file save location
What causes ssh to return Network is down?