Are certain apps not in the app store able to bypass Gatekeeper Settings.

If you have gotten as far as mounting the DMG, you haven’t installed anything. Yet.

Related: Safely open apps on your Mac - Apple Support

If you happen to have an add-on VPN installed, I’d suggest spending some time considering exactly what that does and does not provide, as compared with TLS and Private Relay, for instance.

stiletile wrote:

I am using a 2020 Intel MBP and in Privacy and Security I have allowed downloads only from the App store.

That's not quite what it says. It says "Allow applications downloaded from". You can download anything you want from anywhere. Gatekeeper doesn't block the download. Gatekeeper only intervenes when you go to install the software. That is where it will check where the file was downloaded from. In fact, the App Store bypasses Gatekeeper altogether.

stiletile wrote:

Then I went to gatekeeper assuming I would have to allow it to be installed, but I was surprised to see it wasn’t caught. Now because it wasn’t downloaded from the app store directly I am still a little confused.

I'm not sure what you are saying.

There are two different use cases that both involve "Gatekeeper", but they are significantly different based on different circumstances.

If you download any kind of installer, such as a dmg, pkg installer, or app in a zip file, Gatekeeper will display one or two dialogs. The first will be to confirm that you really want to open the file downloaded from /yada/yada/yada. But then, if the file in question doesn't meet your security requirement, whatever those happen to be, then it will be blocked with a different popup, the wording of which will be based on your security requirements.

Then, for any app that wants to install additional low-level system modifications, you may be required to also go to the Security settings in System Settings and allow it. In most cases, the software won't work properly until you do this. I'm not sure if Nord Pass includes this kind of software or not.

It sounds like you were expecting to perform this last step. However, you first have to install the app in question before you can allow those low-level components. I'm not sure from your description if you actually did that. I'm not sure if Nord Pass actually uses that. It appears to be a standalone app, but there is no way to really tell anymore. Many apps are just installer apps that will then download additional software and install it. Note that any app that does this has the capability to bypass Gatekeeper completely. 😄 That's why Apple added some additional notification in Ventura to let you know when an app installs low-level system modifications.

Yes. It is very complicated. If you keep it set to "App Store" only, then it becomes much less complicated.

I’m not convinced you ran any installer. All you did was open a DMG file. All that does is mount the virtual disk and give you access to the files therein. The NordPass file I downloaded was just an app. It may do more things later, but as far as the DMG and Gatekeeper is concerned, it is just an app. You shouldn’t be able to run the app with those settings. But yes, you can open the DMG, or even copy the app to Applications. But you won’t be able to run it. Therefore, it won’t be able to add any extensions for you to approve.

The app is available in the app store.