macOS Gatekeeper Error for Unverified CLI Binaries
Purpose
This KB explains why macOS blocks certain command-line tools with a malware verification error and how to safely run trusted binaries.
eck-diagnostics is used as an example, but this applies to any non-notarized CLI tool.
Error
When executing a downloaded binary, macOS displays the following error:
Apple could not verify
<binary-name>is free of malware that may harm your Mac or compromise your privacy
Root Cause
macOS Gatekeeper blocks binaries when:
- The binary is not notarized by Apple
- The binary was downloaded from the internet
- The file has a
com.apple.quarantineattribute set
This is common for:
- Open-source tools
- Vendor-provided diagnostics utilities
- Internal or airgapped tooling
This behavior is expected and does not indicate malware.
Security Considerations
Before bypassing Gatekeeper, ensure:
- The binary is obtained from a trusted source
- Checksums are verified when provided
- The tool is required for operational or diagnostic purposes
This applies to:
- macOS on Apple Silicon and Intel
- Any third-party or open-source CLI tool
- Airgapped or restricted environments
Resolution (Recommended Method)
Use Terminal to remove the quarantine flag from the binary:
xattr -dr com.apple.quarantine <binary-name>
Example:
xattr -dr com.apple.quarantine eck-diagnostics
Ensure the binary is executable:
chmod +x <binary-name>
Verification
Run the binary again:
./<binary-name>
The error should no longer appear.
Alternative Resolution (GUI Method)
If the binary was already blocked:
- Open System Settings
- Go to Privacy & Security
- Scroll to Security
- Locate the blocked application
- Click Allow Anyway
- Re-run the binary