App works for a while then breaks with "You can't open the application because it may be damaged or incomplete"

Note: Before bug reporting, please make sure you have tried the latest (alpha) version of BetterTouchTool and that you have already tried to restart your system :-). If you encounter a crash, please attach a crash log from the macOS Console.app from the "User Diagnostic Reports" section.

Describe the bug
After installing the App works for a day or two, but then the icon changes to one with a grey circle across it and if you try to open it, it breaks with "You can't open the application "BetterTouchTool.app" because it may be damaged or incomplete"

Affected input device (e.g. MacBook Trackpad, Magic Mouse/Trackpad, Touch Bar, etc.):
N/A

Screenshots
If applicable, add screenshots to help explain your problem. (You can just paste or drag them here)

Device information:

  • Type of Mac:
    Screenshot 2023-02-09 at 13.19.05

  • macOS version: Ventura 13.2

  • BetterTouchTool version: 4.017

Additional information (e.g. StackTraces, related issues, screenshots, workarounds, etc.):
This has happened to me before, on older OSX versions, but I haven't seen a consistent pattern. Re-installing the app fixes it for now, but I'm worried it may recur.

I don't think this is a BTT issue ( I have never had any similar report). I suspect that it is either a hard disk failure or an external app that modifies BTT.

The only time BTT modifies its bundle is when updating to a new version. Maybe turn off auto updates for a bit to check.

Hmm - I wonder if it could be something in my corporate antivirus or similar? I'll dig further.

that's definitely possible, what scanner is it? Maybe there is a log of actions it took.

Over the years there have been a few instances were files of BTT where incorrectly flagged by some anti virus heuristic. They are usually quick to fix those after reporting to them

It's SentinelOne - yeah, once I opened the logs it has quarantined a number of files, all with "Related threat name: lamepyre" which seems to be some kind of hacked discord server.

I'll see if we have a way to flag this as "not malware" through our company infosec people.

I've raised this with our security folks and they have flagged BTT as not malware! I don't know if this will also clear it in SentinelOne or not.