OS X 10.5 introduced a file quarantine service that displays a warning when you attempt to open an item downloaded from an external source like the internet.
An item only goes into File Quarantine when the application that downloaded it marks the file. All built-in Apple applications use File Quarantine for downloaded items, this doesn’t have to be true for 3rd party applications.
The file is marked via an extended attribute called com.apple.quarantine. The result of this mark is a warning screen when you try to open the item for the first time.
As soon as an Administrator clicks open the quarantine mark will be removed and the item will open. When a standard user clicks open, the item will open but the quarantine flag will remain. Hence, the next time a user tries to open the same item the warning will re-appear.
In the background the OS removes the com.apple.quarantine flag from the extended attributes of the item. There’s also a possibility to show these extended attributes in the Terminal. The result of this command shows if a file is in File Quarantine or not.
Check if file is in quarantine
You can get this information with the following command:
Giving you the following result :
The com.apple.quarantine in the screenshot means that this application is currently in File Quarantine.
Remove file from quarantine
The xattr command als gives a possibility to manually remove the File Quarantine mark:
Behold. The com.apple.quarantine flag has been removed and the item is no longer in File Quarantine.