Looks like a weird Gatekeeper bug for certain applications if you change defaults in Finder. Documents will open fine if opened in a downloaded application, but right-clicking, choosing Open With -> Other (and/or then choosing Always Open With) will cause Gatekeeper to activate and fail to open the file. This happens even if you open a file you created yourself on the computer.
Steps to repro:
- Install an app from the web like LibreOffice
- Create a csv file (Mac defaults to Numbers) using an app that was not part of the OS nor downloaded from the App Store to ensure xattr data is written that probably causes it not to trust the file
- Open the csv file from Finder, it will open fine in Numbers
- Close Numbers
- Right click the file and change the default app to LibreOffice
- File will suddenly be "malware"
- Change default app back to Numbers, or manually approve that file in System Settings and the computer suddenly thinks the file is fine again
It seems spctl used to have flags to whitelist apps to make this go away, to just mass-flag everything in /Applications/ as valid, but those features were obsoleted (even though the man page says deprecated) so spctl --add and spctl --enable are both non-functional and can't be used to fix it. Probably also what's causing the bug on Finder side.
spctl scan of a file that I created on my computer and that has no reason to fail:
% sudo spctl -a ~/Desktop/file.csv
/Users/username/Desktop/file.csv: rejected
Something Apple will have to fix.
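
To check the xattr theory from the repro steps, this added example (not part of the original post) reads a file's com.apple.quarantine attribute and decodes it next to the spctl verdict. It assumes the usual flags;hex-timestamp;agent;UUID layout and that bit 0x0040 marks a user-approved item; the function names and sample values are constructed.

```bash
#!/usr/bin/env bash
# Added example. Assumed layout of com.apple.quarantine: flags;hex-epoch;agent;uuid

# Decode one attribute value into: flags=.. approved=.. epoch=.. agent=..
parse_quarantine() {
    local value=$1 flags stamp agent uuid approved=no epoch=unknown
    IFS=';' read -r flags stamp agent uuid <<EOF
$value
EOF
    # Flags must be hex; the timestamp may be empty but must be hex if present.
    case "$flags" in ''|*[!0-9A-Fa-f]*) return 1 ;; esac
    case "$stamp" in *[!0-9A-Fa-f]*) return 1 ;; esac
    # Assumption: bit 0x0040 is set once the user has approved the item.
    if [ $(( 0x$flags & 0x0040 )) -ne 0 ]; then approved=yes; fi
    if [ -n "$stamp" ]; then epoch=$(( 0x$stamp )); fi
    printf 'flags=%s approved=%s epoch=%s agent=%s\n' \
        "$flags" "$approved" "$epoch" "${agent:-unknown}"
}

# macOS only: show the attribute (if any) next to Gatekeeper's verdict.
report_file() {
    local file=$1 value
    if value=$(xattr -p com.apple.quarantine "$file" 2>/dev/null); then
        parse_quarantine "$value" || echo "unparsed value: $value"
    else
        echo "no com.apple.quarantine attribute on $file"
    fi
    # -t open requests a document assessment; plain -a assesses for execution.
    spctl -a -t open --context context:primary-signature -v "$file" 2>&1 || true
}

# Constructed sample values: before and after a manual approval.
parse_quarantine '0083;65a1b2c3;LibreOffice;'
parse_quarantine '00c3;65a1b2c3;LibreOffice;'

if [ $# -gt 0 ]; then report_file "$1"; fi
```

Run it with the csv path as the only argument, once per step of the repro, to see whether the attribute or the approved bit changes when the default app is switched.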