LuLu misidentifies "Apple Proper" executable as unsigned

[stolendata]

macOS 14.7/Arm64, LuLu 3.0.1.

I was about to ssh into a new host in my LAN, which rejected the connection because I had forgotten to start sshd on that host. By reflex I immediately tapped up+return again within a split second to retry the connection. On the second attempt LuLu failed to recognize macOS' native ssh executable and popped an alert. I blocked the request in order to see what details LuLu had picked up for the "other" ssh executable:

Two separate entries for the same path/file. I tried several times to reproduce it without success. I've updated to LuLu 3.1.5 since then, and haven't been able to trigger it on that version either. A pretty worrying event for obvious reasons. Perhaps a race condition of some sort relating to a timestamp with low resolution - I ran the second ssh invocation less than 0.5 sec after the first one.

[objective-see]

Thanks for the bug report. I'm fairly confident this is related to: https://github.com/objective-see/LuLu/issues/711 which as you surmise was related to a 'race' - specifically for processes that quickly exited (and thus LuLu couldn't get their code signing information).

Good news, this is now fixed as of version 3.1.1: https://github.com/objective-see/LuLu/releases/tag/v3.1.1

Though if this issue still persists on recent versions, please let me know!