What is syspolicyd?

syspolicyd is one of the main security enforcement processes on macOS.

What is syspolicyd?

It is the System Policy daemon. It enforces several important macOS security features:

• Gatekeeper: controls which apps can run, based on where they came from and how they are signed
• Notarisation checks: confirms that apps have been scanned by Apple for malware
• TCC help: works alongside tccd to enforce app permissions (though tccd does the main work)

What is Gatekeeper?

Gatekeeper is the first line of defence against malware on macOS. When you open an app for the first time, Gatekeeper checks:

1. Is the app signed by a known developer?
2. Has Apple scanned the app for malware (notarisation)?
3. Has the app been changed since it was signed?

syspolicyd runs these checks and decides whether the app may run.

Why does it sometimes block apps?

If you download an app that is not signed or not notarised, syspolicyd blocks it and shows a warning. You can override this in System Settings, then Privacy and Security if you trust the app.

Does it slow down app launches?

The first time you open a downloaded app, Gatekeeper scans it. This can take a moment for big apps. After that first check, later launches are fast because the result is saved.

Can you turn off Gatekeeper?

You can change the policy in System Settings, then Privacy and Security, but turning Gatekeeper off fully is not wise. It is one of your Mac's best guards against malware.

Should you worry?

No. syspolicyd protects you. If it blocks an app, take a moment to check the app comes from a source you trust before overriding the block.

Enjoyed this post?

Well, you could share the post with others, follow me with RSS Feeds and/or send me a comment via email.

Tags