Is this app malicious?
QWhen my Mac installed a recent security data update, it reported that a Citrix app was malicious and wouldn’t run it. Has my Mac got malware?
A
Almost certainly not. The reason that this happened goes back a few years, and is all about security Certificate Authorities. Normally, Mac software is signed using certificates issued to developers by Apple, but that isn’t an absolute requirement. Over five years ago, certain tools developed by Citrix and other developers relied on and included other components which were signed not with Apple certificates but using independent certificates relying on Symantec as their Certificate
Authority. Since then, for other reasons, Symantec has ceased being trusted as a Certificate Authority. macOS stopped trusting the certificates it issued over a year ago, but it’s rare for existing apps to have their certificates fully checked.
Recently, macOS security updates caused these apps to undergo deep checks, in the course of which, Macs have discovered that they had been relying on certificates which are now no longer trusted. The Gatekeeper system in macOS then reports them as being damaging, which they’re not, and refuses to run them. Contact Citrix for updated versions which no longer rely on the Symantec Certificate Authority, and that software should run fine again. The same applies to other products which have similar problems.