Gatekeeper
E41427
Gatekeeper is a macOS security feature that helps protect users by allowing only trusted software to run on the system.
Statements (46)
| Predicate | Object |
|---|---|
| instanceOf |
application execution control mechanism
→
macOS security feature → |
| allowsOverrideBy |
user explicit approval
→
|
| blocks |
apps from unidentified developers by default
→
|
| canBeConfiguredVia |
Security & Privacy preferences
→
System Settings → |
| canBeDisabledBy |
system administrator
→
|
| category |
macOS security and privacy
→
|
| checks |
code signing status of applications
→
developer certificate of applications → notarization status of applications → |
| configurationLevel |
per-system
→
|
| defaultBehavior |
allow apps from App Store and identified developers
→
|
| designedFor |
protecting non-technical users from running unsafe software
→
|
| detects |
applications downloaded from the internet using quarantine attributes
→
|
| developedBy |
Apple Inc.
→
|
| enforces |
restrictions on apps downloaded from the internet
→
|
| integratesWith |
XProtect
→
macOS code signing infrastructure → |
| introducedBy |
Apple Inc.
→
|
| introducedIn |
OS X Mountain Lion
→
|
| logging |
security events related to blocked applications
→
|
| mitigates |
execution of tampered applications
→
malware installation risk → |
| operatesOn |
downloaded application bundles
→
|
| operatingSystem |
macOS
→
|
| platform |
Mac
→
|
| policyOptions |
App Store and identified developers
→
App Store only → |
| policySource |
Apple security policies
→
|
| purpose |
prevent execution of untrusted applications
→
protect users by allowing only trusted software to run → |
| relatedConcept |
application whitelisting
→
code signing → software notarization → |
| releaseType |
built-in system feature
→
|
| requires |
internet connection for some notarization checks
→
|
| scope |
applications launched by the user
→
|
| securityModel |
whitelisting of trusted software sources
→
|
| supports |
per-app user override via context menu Open
→
|
| trustsByDefault |
Mac App Store applications
→
applications signed with valid Apple Developer ID → |
| userInterface |
warning dialogs when blocking applications
→
|
| uses |
Apple Developer ID certificates
→
Apple notarization service → |
| verifies |
that apps have not been modified since signing
→
|
Referenced by (2)
| Subject (surface form when different) | Predicate |
|---|---|
|
Mac
→
|
hasSecurityFeature |
|
macOS
→
|
supportsSecurityFeature |