Assuming this is happening because command line-only apps cannot be stapled but i would assume that once the machine is connected to the internet it should be checked and allowed to run. Steps to reproduce problem: Download signed and notarized command-line only app from internet disconnect machine from internet run command-line app app is prevented from running with "this app cannot be checked for malware error" connect machine to internet run app again app is still prevented from running with same error If you re-download the app and make sure machine is connected to internet on first run then app can run with machine is not connected to internet.

Just got my brand new M1 Max laptop and am excited to get with the times and use notary tool instead of altool as recommended by the mothership but when I try to notarize the same file that altool notarizes successfully it fails. Here is is my sucessful altool command: xcrun altool --notarize-app --primary-bundle-id "My Kool Tool" --username "***@***.com" -p "@keychain:ac_notary" --asc-provider XXXXXXXXXXXX --file *.zip && rm *.zip and this is the notary tool command that fails on the same file: xcrun notarytool submit *.zip --keychain-profile "XXXXXX Apple Developer" --wait && rm *.zip Here is the output: Conducting pre-submission checks for archive.zip and initiating connection to the Apple notary service... Submission ID received  id: e20c0438-5576-4361-a11a-2efeb8exxxxx Successfully uploaded file  id: e20c0438-5576-4361-a11a-2efeb8exxxxx  path: /Users/***/Documents/archive.zip Waiting for processing to complete. Current status: Invalid.......... Processing complete  id: e20c0438-5576-4361-a11a-2efeb8exxxxx  status: Invalid and the log: xcrun notarytool log e20c0438-5576-4361-a11a-2efeb8exxxxx --keychain-profile "XXXXXX Apple Developer" {  "logFormatVersion": 1,  "jobId": "e20c0438-5576-4361-a11a-2efeb8exxxxx",  "status": "Invalid",  "statusSummary": "Archive contains critical validation errors",  "statusCode": 4000,  "archiveFilename": "archive.zip",  "uploadDate": "2021-12-07T18:57:23.193Z",  "sha256": "505d76b420d46bfd01d56c724de1c8d20121d75b0ca6cee96a51549708ec46ee",  "ticketContents": null,  "issues": [   {    "severity": "error",    "code": null,    "path": "archive.zip",    "message": "Package archive.zip has no signed executables or bundles. No tickets can be generated.",    "docUrl": null,    "architecture": null   }  ] } again, the same file notarizes with altool so it is properly signed It is worth noting that if I don't include the --asc-provider in the altool command it fails so maybe I just need to do the same with the notary tool but can't find any documentation on how to do that. Help Obi Wan