What is the exact behavior of Catalina verifying app?

sip catalina gatekeeper notarization

By 'verifying' I mean either

  • an explicit popup of 'Verifying'
  • or app launch stuck with XProtectService comsuming CPU in background

What I know

  • An app on local drive with com.apple.quarantine xattr will be verified on the first start, or after something changed in the app.

However I found some app on without the xattr will still be verified, especially app copied from (or directly run on) an external/network drive.

  • What is the exact behavior?
  • Anyway to avoid this (without fully disable SIP)?

Solution 1:

I’m not sure that anyone knows the full extent of how Apple’s protections work, but if I wanted to understand them better, I would start by reading Howard Oakley’s site at http://eclecticlight.co as he has done the most thorough job writing about it.

I know SE likes answers that aren’t just links, but there's way too much to try to summarize here.

This would be a good place to start reading: https://eclecticlight.co/tag/gatekeeper/

Related

How to make .command file execute at its location
How to recover Old BackUp?
How to reverse the effect of Ctrl + L in bash?
iPad Mini Not Restoring?
How to claim free disk space in APFS after deletion of huge amount of files? [duplicate]
Install csrutil or new recovery partion on High Sierra volume?
How to plug old external SSD with Ubuntu installed into new laptop
How to access the iCloud Drive Archive folder on my MacBook?
Static IP with Netplan causes slow internet speed (Ubuntu Server 20.04)
Bootcamp requires Windows 7. Possible to clean install Windows 10? [duplicate]
How do I link my keyboard keys to control audio AND to display the according UI?
Incorrect resolution and screen tearing