We are experiencing a significant issue with macOS security alerts that began on July 9th, at approximately 4:40 AM UTC. This alert is incorrectly identifying output files from our snippet tests as malware, causing these files to be blocked and moved to the Trash. This is completely disrupting our automated testing workflows.
Issue Description:
Alert: We are seeing the "Malware Blocked and Moved to Trash" popup window.
Affected Files: The security alert triggers when attempting to execute .par files generated as outputs from our snippet tests. These .par files are unique to each individual test run; they are not a single, static tool.
System-Wide Impact: This issue is impacting multiple macOS hosts across our testing infrastructure.
Timeline: The issue began abruptly on July 9th, at approximately 4:40 AM UTC. Before that time, our tests were functioning correctly.
macOS Versions: The problem is occurring on hosts running both macOS 14.x and 15.x.
Experimental Host: Even after upgrading an experimental host to macOS 15.6 beta 2, the issue persisted.
Local execution: The issue can be reproduced locally.
Observations:
The security system is consistently flagging these snippet test output files as malware.
Since each test generates a new .par file, and this issue is impacting all generated files, the root cause doesn't appear to be specific to the code within the .par files themselves.
This issue is impacting all the snippet tests, making us believe that the root cause is not related to our code.
The sudden and widespread nature of the issue strongly suggests a change in a security database or rule, rather than a change in our testing code.
Questions:
Could a recent update to the XProtect database be the cause of this false positive?
Are there any known issues or recent changes in macOS security mechanisms that could cause this kind of widespread and sudden impact?
What is the recommended way to diagnose and resolve this kind of false positive?
We appreciate any guidance or assistance you can provide. Thank you.
In order to fetch the unexpected pop-up dialog window when executing e2e tests. For example:
I wrote a simple AppleScript, get_popup_windows.scpt, as follows:
    tell application "System Events"
        tell process "SystemUIServer"
            set securityAlertWindows to (every window whose subrole is "AXDialog")
            set securityAlertTitles to {}
            repeat with securityAlertWindow in securityAlertWindows
                set securityAlertTitle to (securityAlertWindow's title as text)
                set end of securityAlertTitles to securityAlertTitle
            end repeat
        end tell
    end tell
    return securityAlertTitles
However, when I execute osascript get_popup_windows.scpt, it returns empty even when there is a pop-up window on my Mac.
Does anyone know the reason? Thanks for help.
Will
For our iOS inception e2e test, sometimes the test is blocked by a Mac pop-up window alert. The possible pop-ups are as follows:
Java Access Pop-up
Accessibility Pop-up
SystemProperty Pop-up
and so on.
To fetch the unexpected pop-up dialog window when executing e2e tests, I wrote a simple AppleScript, get_popup_windows.scpt, as follows:
    tell application "System Events"
        set allProcesses to processes whose background only is false
        -- Log the count of allProcesses
        log "Number of processes found: " & (count of allProcesses)
        set dialogInfos to {}
        repeat with eachProcess in allProcesses
            try
                tell eachProcess
                    log "Process Name: " & (name of eachProcess as text)
                    set allWindows to (windows whose subrole is "AXStandardWindow" or subrole is "AXDialog")
                    log "Number of allWindows found: " & (count of allWindows)
                    repeat with eachWindow in allWindows
                        set uiElements to UI elements of eachWindow
                        log "eachWindow: " & (name of eachWindow as text)
                        set the end of dialogInfos to {title:(name of eachWindow as text), processName:(name of eachProcess as text)}
                    end repeat
                end tell
            end try
        end repeat
    end tell
    return dialogInfos
However, when I execute the script with osascript get_popup_windows.scpt, the result is as follows:
Number of processes found: 10
Process Name: Terminal
Number of allWindows found: 1
eachWindow: scripts — osascript get_popup_windows.scpt — 143×41
Process Name: Google Chrome
Number of allWindows found: 1
eachWindow: Gemini - Google Chrome - Will
Process Name: sublime_text
Number of allWindows found: 0
Process Name: Notes
Number of allWindows found: 0
Process Name: Music
Number of allWindows found: 0
Process Name: Finder
Number of allWindows found: 0
Process Name: app_mode_loader
Number of allWindows found: 0
Process Name: Simulator
Number of allWindows found: 0
Process Name: app_mode_loader
Number of allWindows found: 0
Process Name: Script Editor
Number of allWindows found: 0
title:scripts — osascript get_popup_windows.scpt — 143×41, processName:Terminal, title:Gemini - Google Chrome - Will, processName:Google Chrome
=> I cannot fetch the target pop-up window on the Mac desktop.
Please guide me if you have any suggestions, thanks.
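An added diagnostic, not part of the original posts: both scripts above restrict where they look (one to SystemUIServer, the other to processes whose background only is false), so this variant lists dialog-like windows across every process System Events can see and reports which process owns each. It assumes the app running osascript has Accessibility permission; the extra AXSystemDialog subrole and the report format are choices made for this example, and whether the alert is exposed to accessibility queries at all is the thing being tested.

```applescript
-- Added example (not the poster's script).
-- Assumption under test: the alert is owned by a process that the
-- "background only is false" filter or the SystemUIServer target skips.
on run
    set wantedSubroles to {"AXDialog", "AXSystemDialog", "AXStandardWindow"}
    set report to {}
    tell application "System Events"
        -- No filter here: background-only processes are scanned too.
        repeat with eachProcess in (every process)
            try
                set procName to (name of eachProcess) as text
                set isBackground to background only of eachProcess
                repeat with eachWindow in (every window of eachProcess)
                    -- Some windows expose no subrole; do not let that abort the scan.
                    set winSubrole to "(none)"
                    try
                        set winSubrole to (subrole of eachWindow) as text
                    end try
                    if wantedSubroles contains winSubrole then
                        set winTitle to ""
                        try
                            set winTitle to (name of eachWindow) as text
                        end try
                        set end of report to procName & " | background only: " & isBackground & " | " & winSubrole & " | " & winTitle
                    end if
                end repeat
            on error errMsg
                -- Record processes that refuse accessibility queries instead of hiding them.
                set end of report to "(skipped) " & errMsg
            end try
        end repeat
    end tell
    -- Return one line per window so the osascript output is easy to grep.
    set AppleScript's text item delimiters to linefeed
    set reportText to report as text
    set AppleScript's text item delimiters to ""
    return reportText
end run
```

If the alert is on screen and no line in the output corresponds to it, the window is not reachable through System Events for this user session, and a wider subrole list will not change that.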