Game triggers AV software at launch, app is slow to open

We've noticed this behaviour for (I believe) a few months now: when we launch a new build of our game, two macOS anti-virus/AV-related processes – XprotectService and syspolicyd – seem to kick into high gear, using 100% CPU resources. Importantly, during this time the app doesn't seem to be open... we can see the new icon bouncing in the dock (since it's a new process there), but there is no actual output to player.log during this time. Eventually, XprotectService and syspolicyd finish their processing, and the game launches, and logging begins.

In fact, during testing, it seems like the time spent waiting for those processes to finish is relative to the size of the build: a small test scene (~100MB) launches in a few seconds; the full game (on the order of ~10GB) can take several minutes before launching.

Another interesting point is that this behaviour only seems to happen the first time running a new build – all subsequent launches get into the game in a matter of seconds, regardless of the size of the build.

Further, we are seeing what we think is similar behaviour on Windows, where new builds seem to trigger an AV software response, and take a long time to launch. Again, this only occurs occasionally.

I realise these processes are outside the scope of Unity support, but surely there have been even larger games (on the order of 100s of GB) which have not consistently triggered an AV response and a subsequent delay in launching. We've been on 2019.4 for a while now – is it possible that this introduced something that the OSs are flagging? Or are macOS Catalina and newer versions of Windows behaving differently, and are other Unity devs noticing/adapting to this new behaviour?

 

Since Catalina, Apple decided to focus on user security more. Apps have to be notarized, for example.

Googling "XprotectService" (built-in anti-malware protection, more or less) and "syspolicyd" (GateKeeper) brings up several sites where other people reported problems with these processes - e.g.:
- https://discussions.apple.com/thread/250737075
- https://developer.apple.com/forums/thread/71525
- https://twitter.com/cdfinder/status/1296689069687177223
- https://developer.apple.com/forums/thread/121869
- https://www.reddit.com/r/MacOS/comments/dm4dhd/syspolicyd_high_cpu_usage_on_macos_catalina/

Guess that's one of the "joys" of working with Macs now.

 

Yeah, this is why I was a bit surprised not to find much Unity-specific discussion about this. The only other mention of XprotectService I found here in the forums was here, where it seems to be affecting the Package Manager service.

I was expecting it to be a much more widespread & discussed problem for Unity devs, considering how widespread the impact seems to be otherwise.

 

So, we'll definitely be notarising the game when it's released, but right now I'm just making development builds for us to test internally. It seems like a huge extra hassle to run several command-line tools to upload a build, wait for a ticket, download it & staple it to an .app just to then test it locally or internally to see if e.g., the splash screen runs correctly.

Are we required to notarise development/internal builds? Or are there ways around that, similar to signing apps with a development certificate & profile?