What is the exact behavior of Catalina verifying app?
By 'verifying' I mean either
- an explicit popup of 'Verifying'
- or app launch stuck with
XProtectService
comsuming CPU in background
What I know
- An app on local drive with
com.apple.quarantine
xattr will be verified on the first start, or after something changed in the app.
However I found some app on without the xattr will still be verified, especially app copied from (or directly run on) an external/network drive.
- What is the exact behavior?
- Anyway to avoid this (without fully disable SIP)?
Solution 1:
I’m not sure that anyone knows the full extent of how Apple’s protections work, but if I wanted to understand them better, I would start by reading Howard Oakley’s site at http://eclecticlight.co as he has done the most thorough job writing about it.
I know SE likes answers that aren’t just links, but there's way too much to try to summarize here.
This would be a good place to start reading: https://eclecticlight.co/tag/gatekeeper/