syspolicyd (System Policy Daemon (Gatekeeper)) is a safe macOS security process. syspolicyd implements macOS Gatekeeper — the security feature that verifies applications are from identified developers or the Mac App Store before allowing them to run. It checks code signatures, notarization status, and quarantine attributes to prevent unsigned or tampered software from executing. syspolicyd checking apps before first launch is normal security behavior. Be concerned if Gatekeeper is being silently bypassed or if you find apps running that were never approved through the Gatekeeper flow — this could indicate malware that circumvented macOS's code signing requirements.
System Policy Daemon (Gatekeeper)
syspolicyd implements macOS Gatekeeper — the security feature that verifies applications are from identified developers or the Mac App Store before allowing them to run. It checks code signatures, notarization status, and quarantine attributes to prevent unsigned or tampered software from executing.
Apps blocked from opening with 'unidentified developer' or 'damaged' errors
Slow first launch of new applications due to notarization check
High CPU during initial verification of large applications
Gatekeeper blocking legitimate apps downloaded from the internet
If Gatekeeper blocks an app you trust, go to System Settings > Privacy & Security. After the block, you'll see an 'Open Anyway' button for the specific app. Alternatively, right-click the app in Finder and select 'Open' to bypass the first-launch check.
Apps downloaded from the internet get a quarantine flag. If an app is incorrectly flagged, remove it with 'xattr -d com.apple.quarantine /path/to/App.app' in Terminal. Only do this for apps you fully trust from known sources.
Run 'spctl -a -vvv /path/to/App.app' in Terminal to see the detailed Gatekeeper assessment, including whether the app is notarized, signed by an identified developer, or unsigned. This helps you make an informed decision about whether to allow it.
If an app shows as 'damaged,' the download may have been corrupted. Delete the app and download it fresh from the developer's website. Corrupted downloads fail code signature verification and Gatekeeper correctly blocks them.
syspolicyd checking apps before first launch is normal security behavior. Be concerned if Gatekeeper is being silently bypassed or if you find apps running that were never approved through the Gatekeeper flow — this could indicate malware that circumvented macOS's code signing requirements.
CoreLock performs deep code signature verification on all installed applications, going beyond Gatekeeper's first-launch check. It identifies apps with revoked certificates, expired signatures, or modified binaries that passed Gatekeeper initially but have since been tampered with.
Download CoreLock Freetrustd is the macOS daemon responsible for evaluating certificate trust chains. Whenever your Mac needs to verify an SSL...
sandboxd enforces the macOS App Sandbox — a security technology that restricts what applications can access. When an app...
tccd manages the macOS TCC (Transparency, Consent, and Control) framework — the privacy permission system that controls ...
syspolicyd is the daemon behind macOS Gatekeeper. Gatekeeper is the security feature that checks every new application before it runs to verify it's from an identified developer (code-signed) and hasn't been tampered with. syspolicyd also checks notarization status — Apple's verification that the app was scanned and approved.
macOS blocks apps that aren't code-signed by an identified developer or aren't notarized by Apple. This protects you from malware distributed as fake applications. If you trust the app and its source, you can allow it through System Settings > Privacy & Security > Open Anyway, or by right-clicking and selecting Open.
No. Gatekeeper is one of macOS's most important security features. Disabling it allows any software to run without verification, including malware. If you occasionally need to run unsigned software, use the per-app 'Open Anyway' option rather than disabling Gatekeeper system-wide.
Download CoreLock to identify suspicious processes, detect threats, and keep your Mac running smoothly.
Download CoreLock FreeAvailable for macOS and Windows