Just completed a quick video in FCP of my 2 year old grandson and exported it to an external SSD.
When I tried to play it I received the warning window from my M4 telling me that Apple could not guarantee it was free of malware.
I used the "Open Anyway" option in the System Settings Security pane but how on earth did this happen?
The video was just 6 minutes of footage shot in my house with no music or other external contribution.
Mac mini, macOS 26.2
Ian, this is an interesting scenario, so thank you for reporting it. This is not a new issue, and it's actually not an FCP issue. It is a MacOS issue, and variations of it were reported in macOS forums in 2019:
mp4 "can’t be opened because it is from a… - Apple Community
More detail this Feb. 2025 macOS forum thread, which Luis worked on. There was speculation on that thread it might be a Sequoia regression, but on my Tahoe 26.2 machine, I can't even do File>Open With Shutter Encoder, as it either doesn't show up or it's greyed out: After updating to Sequoia 15.3, all MP4s … - Apple Community
The root problem is that the Shutter Encoder app is not properly code-signed by the developer. These commands to inspect that show errors:
codesign -dv --verbose=4 /Applications/Shutter\ Encoder.app
spctl --assess --verbose /Applications/Shutter\ Encoder.app
The codesign signature is being invalidated because of "unsealed contents" in the bundle root. It appears that his build process is placing files (perhaps a script or a readme) directly inside the .app wrapper (at the root level), rather than inside the Contents/ folder. Also, the Info.plist seems to be modified after the code-signing phase, or it is not included in the _CodeSignature seal.
There is an extended attribute on the FCP-generated MP4 file called com.apple.quarantine. That can be seen by running ls -l@ on the MP4 file. Historically, this flag was only for files downloaded from the internet. However, in modern macOS, sandboxed applications (like Final Cut Pro) often tag exported files to maintain a "chain of custody."
Because this attribute is present, macOS basically mandates: "This file has a provenance tag (Final Cut Pro). I cannot just execute it blindly. I must validate the 'Handler' (the app the user chose) to ensure it's safe to hand this file over."
In Finder you did Open With>Shutter Encoder.
Gatekeeper then inspects Shutter Encoder.app. It asks: "Is this app properly signed and notarized?"
Answer: No, therefore the open attempt fails.
Apparently, on Apple Silicon and recent macOS versions, Gatekeeper checks the interaction between the app and the File. So it's possible an update to macOS could *appear* as a regression, but in fact the problem was there all along in the codesigned app package, which macOS was not checking.
Unfortunately, the UI shows the MP4 name in the error, but it's actually a "transitive trust failure" of which the MP4 is only one element, and the improperly codesigned Shutter Encoder is the actual cause.
I will contact the Shutter Encoder developer about this.
In the meantime, as a workaround, you can simply drag/drop the MP4 from Finder to the open Shutter Encoder window.
Ian, this is an interesting scenario, so thank you for reporting it. This is not a new issue, and it's actually not an FCP issue. It is a MacOS issue, and variations of it were reported in macOS forums in 2019:
mp4 "can’t be opened because it is from a… - Apple Community
More detail this Feb. 2025 macOS forum thread, which Luis worked on. There was speculation on that thread it might be a Sequoia regression, but on my Tahoe 26.2 machine, I can't even do File>Open With Shutter Encoder, as it either doesn't show up or it's greyed out: After updating to Sequoia 15.3, all MP4s … - Apple Community
The root problem is that the Shutter Encoder app is not properly code-signed by the developer. These commands to inspect that show errors:
codesign -dv --verbose=4 /Applications/Shutter\ Encoder.app
spctl --assess --verbose /Applications/Shutter\ Encoder.app
The codesign signature is being invalidated because of "unsealed contents" in the bundle root. It appears that his build process is placing files (perhaps a script or a readme) directly inside the .app wrapper (at the root level), rather than inside the Contents/ folder. Also, the Info.plist seems to be modified after the code-signing phase, or it is not included in the _CodeSignature seal.
There is an extended attribute on the FCP-generated MP4 file called com.apple.quarantine. That can be seen by running ls -l@ on the MP4 file. Historically, this flag was only for files downloaded from the internet. However, in modern macOS, sandboxed applications (like Final Cut Pro) often tag exported files to maintain a "chain of custody."
Because this attribute is present, macOS basically mandates: "This file has a provenance tag (Final Cut Pro). I cannot just execute it blindly. I must validate the 'Handler' (the app the user chose) to ensure it's safe to hand this file over."
In Finder you did Open With>Shutter Encoder.
Gatekeeper then inspects Shutter Encoder.app. It asks: "Is this app properly signed and notarized?"
Answer: No, therefore the open attempt fails.
Apparently, on Apple Silicon and recent macOS versions, Gatekeeper checks the interaction between the app and the File. So it's possible an update to macOS could *appear* as a regression, but in fact the problem was there all along in the codesigned app package, which macOS was not checking.
Unfortunately, the UI shows the MP4 name in the error, but it's actually a "transitive trust failure" of which the MP4 is only one element, and the improperly codesigned Shutter Encoder is the actual cause.
I will contact the Shutter Encoder developer about this.
In the meantime, as a workaround, you can simply drag/drop the MP4 from Finder to the open Shutter Encoder window.
Thanks for the detailed info!
I could not replicate the error in Sequoia 15.7.3 Intel, FCP 11.2, and Shutter Encoder 19.8 so maybe I missed some workflow to trigger it.
That quarantine flag has recently caused issues with pure data files but lately it has been fixed with macOS updates at least in my setup:
How to permanently allow opening .webp fi… - Apple Community
BTW GraphicConverter 12.5 has an option to check and reset those quarantine flags:
GC does not completely delete it so after "Delete" it reads as:
Or check it via the Terminal with commands like:
xattr -l test.m4v
com.apple.quarantine: 0082;6975b51b;Final Cut Pro;
ls -l@ test.m4v
-rw-r--r--@ 1 ***** staff 856845 Jan 25 08:15 test.m4v
com.apple.quarantine 28
...and completely delete that flag from a single file or en masse:
xattr -d com.apple.quarantine test.m4v
I did a detailed technical write-up on this and posted it on the author's r/shutterencoder subreddit.
Examination of the Shutter Encoder.app package shows a hidden icon file in the root of the .app package. It was probably left there accidentally during the build process. He must delete it, redo the codesign, and then upload the signed .app package. We end users can do SHIFT+CMD+. (SHIFT+CMD+period) to show hidden file then delete it, but that doesn't help. It must be codesigned with that file already deleted.
If there are other reports involving different utilities than Shutter Encoder, it may be a similar code signing or packaging error.
I have run some more tests altering the project slightly.
Originally I tried to open the file by using "Open with/Shutter Encoder" rather than simply double-clicking the .mp4 so I thought this may have been causing the problem.
The tests were inconclusive as some worked and some didn't but there is really no excuse for the computer making this mistake which I have never experienced in 25 years.
Thanks for the info joema.
When you introduced me to Shutter Encoder 2 weeks ago I used it the standard way of dropping files into the window and had no problems.
Interestingly when I use the "Open with" command, it merely opens Shutter Encoder and I still have to drag the file to the window, so in future I will not bother with that technique.
My FCP video may contain malware!