Yes, it is for a security product.

I am looking at performing this check on file system paths which I can consume as an input to my product. I understand lsappinfo is not scalable, can you please suggest which APIs can get me this similar information? I have looked at using NSBundle, however, this would work if the CFBundleShortVersionString is added to the Info.plist. This would still not let me fetch the versions of dylibs linked to the executable.

Just to be clear, you were testing the fresh install and upgrade install paths, right? Yes, we have tested both fresh install and the upgrade paths and were unable to replicate this issue locally. What comments are you referring to here? The stuff about your preinstall script? Yes, that is correct.

Hello Quinn, we unfortunately do not have direct access to machines reporting this problem. We have tried to replicate this issue several times in our testing environment using fresh macOS VMs and we were unable to replicate this problem. Based on the data we collected so far, this is not a universal problem and occurring only on very few macOS machines across Intel/M-Series. Were the sysdiagnose files we collected from multiple machines which reported this problem helpful? We have also added some additional information in the FB20104614 which we are considering as a potential root cause, can you please let us know your views on the same?

Hello, We have attached multiple sysdiagnose logs to the feedback ticket raised. Can you please help us in understanding the root cause of the issue?

We have also noticed the following errors in the console for our application, can you please let us know the root cause of the error Unexpected Xprotect assessment result (9) 2025-09-09 17:14:38.418914+0200 0x471c02 Default 0x0 504 0 syspolicyd: [com.apple.syspolicy.exec:default] Adding Gatekeeper denial breadcrumb (open): PST: (path: e2901a0950b8f627), (team: xxxxxxxxxx), (id: com.abc.my-agent), (bundle_id: (null)) 2025-09-09 17:14:38.940475+0200 0x727399 Error 0x0 504 0 syspolicyd: [com.apple.syspolicy.exec:default] Unexpected Xprotect assessment result (9), failing: PST: (path: e2901a0950b8f627), (team: xxxxxxxxxx), (id: com.abc.my-agent), (bundle_id: (null)) 2025-09-09 17:14:39.462175+0200 0x72792e Default 0x0 504 0 syspolicyd: [com.apple.syspolicy.exec:default] GK evaluateScanResult: 3, PST: (path: e2901a0950b8f627), (team: xxxxxxxxxx), (id: com.abc.my-agent), (bundle_id: (null)), 0, 0, 1, 0, 8, 4, 9 2025-09-09 17:14:39.462850+0200 0x72792e Default 0x0 504 0 syspolicyd: [com.apple.syspolicy.exec:default] Prompt shown (1, 0), waiting for response: PST: (path: e2901a0950b8f627), (team: xxxxxxxxxx), (id: com.abc.my-agent), (bundle_id: (null))

We have tried multiple in-house replications for this issue and we were unable to replicate this on demand. This is an issue that is occurring across platforms (Intel/ARM). We have also tried the install on a fresh VM, however, we are unable to replicate this. We have also noticed a pattern of all of the affected machines receiving 15.6.1 OS update few days (as close as few hours before) before our product patch is applied and this prompt is triggered. The install.log indicates a clean install of our product without any issues. I have created a feedback ticket for the same sharing more details on this issues, FB20104614

Thank you. I will not be able to share the link publicly for my application. This is also not occurring on all of the MacOS machines my application is installed in, just a few machines. Please let me know if we can raise a ticket for this. I can share more background and details on this issue in the ticket.

Yes, the application only shows the stapling error which I understand is not a "fatal" error from the documentation. "Severity: Fatal Full Error: A Notarization ticket is not stapled to this application. Type: Distribution Error" I have also run "/usr/bin/log show --predicate '(process == "syspolicyd") && (eventMessage CONTAINS "MyApp")'" and "/usr/bin/log show --predicate '(process == "trustd") && (eventMessage CONTAINS "MyApp")'" I don't see any logs messages for the above two commands

I will be distributing the application directly using Developer ID signing

Please let us know if there is an update on this issue.

This is an issue occurring in Ventura & Sequoia on M1 processor. We have not looked at sysdiagnose to see the reason as this is occurring on a machine we don't have ready access to. The following are the details of our investigation based on the logs shared from these machines: Our application has patched from a legacy version where we were using Rosetta translated binaries to latest arm64 supported version. Our application was in a repeated install loop due to a buggy script deployed on that machine which is now resolved. There are no changes to device AFAIK. The application version is compatible with the OS. We have done the initially listed checks after these repeated installs have stopped and when this prompt started popping up.