Issues with Download, Installation or Running being Blocked

Mac not being able to verify the Developer

On a Mac you may get an error: “VASSAL cannot be opened because the developer cannot be verified. MacOS cannot verify that this app is free from malware.” Click Okay on such a dialog.

If you have the current or a recent version of MacOS, Gatekeeper is probably active–MacOS will block VASSAL from running on the first attempt (because this isn’t what Apple considers a code-signed app).

You’ll have to go into System PreferencesSecurity & Privacy to allow it to run. This only needs to be done once.

Step 1: System Preferences → Security & Privacy

Step 2: Unlock (if needed) and click Open Anyway

Step 3: Click Open

Alternatively you can open a Finder window, type VASSAL into the search field, and double click on your new VASSAL install to open it for the first time - this will give you an “are you sure?” type dialog, and once you are past that then you will be able to open VASSAL normally in the future.

Alternative solution

Use the web-client curl which is part of MacOS. Follow the steps below:

  1. Go to the GitHub Release page

  2. Find the version of VASSAL you are interested in. For example VASSAL-3.6.17-macos-aarch64.dmg for VASSAL version 3.6.17 on Apple M1 chips.

  3. Right click the link and select Copy link address (or similar).

  4. Open a terminal via FinderApplicationsUtilitiesTerminal
    (If you have not used a terminal before, perhaps this solution is not for you. The terminal is a very powerful tool to interact with the operating system in ways you’ve never imagined.)

  5. In the terminal, change directory to your desktop directory

cd Desktop

  1. In the terminal, type

curl -LO <paste copied link>

where <paste copied link> is the link you copied above pasted into the terminal (⌘-V), and press enter.
3. The file will start downloading showing you a nice progress bar
3. Once downloaded, double-click the VASSAL DMG now on your desktop, and install per usual instructions.


MacOS attaches a quarantine attribute to files downloaded by web browsers, which prompts intervention by the Gatekeeper feature. Downloads performed by command line tools like curl and wget do not have this attribute set.

“this file isn’t commonly downloaded” warning

On Windows, when downloading a newly-released version of VASSAL with Edge, Chrome, and other browsers, Microsoft SmartScreen may intervene with a warning that the file isn’t commonly downloaded. Respond to these prompts by choosing to keep the file anyway.

Edge warns about the installer download–start by choosing “Keep”.

On the repeated warning, choose Keep anyway to save the download

In Chrome, choose Keep to save the download from the warning dialog

“Windows protected your PC” when running the installer

Windows Defender sometimes blocks VASSAL’s installer from running: “Microsoft Defender SmartScreen prevented an unrecognized app from starting. Running this app might put your PC at risk.”

Windows checks whether executables downloaded from the internet are signed and how often they’ve been downloaded (globally). Our installer is not presently signed, so you may see this message if you try installing VASSAL shortly after a new release. It does not indicate a problem with the installer.

Click More info in the dialog to reveal the Run anyway button to run the installer.

Antivirus scanner quarantines the installer

Some antivirus scanners (AVG and Avast in particular) mistdetect Vassal’s Windows installers as a threat. The way to fix this problem, both for yourself and for others, is to report the false positives to your AV vendor. (E.g., there is a “Report as false positive” link in the screenshot from AVG shown here.)
AVG "Threat secured" dialog

If you want to verify that your installer is the installer we released, you can check the SHA256 hash of your installer file against the list we publish. (If you need a tool for computing the SHA256 hash of the installer file you have, a simple solution is to try uploading the file to VirusTotal, which will compute the file’s SHA256 hash and display it.)