As drawfloat pointed out, Apple doesn't have to explicitly guarantee no susceptibility to malware. The FTC Act considers anything from an Elon Musk tweet about flamethrowers to a casual joke at Apple's Keynote, and weighs whether a reasonable consumer would expect the product to reflect that claim. That doesn't mean implied guarantees are as easily prosecuted. But it does mean that when Tim Cook or Steve Jobs, or another named executive, is on stage and says something along the lines of, "We don't have the same problems as Windows," and a reasonable audience member understands he's referring to malware risk on macOS vs Windows, that's enough to say Apple has made a legal guarantee to the consumer. The law is open-ended like this because promises can look like anything, from outright printing FREE SAME-DAY SHIPPING to printing in an FAQ that most orders arrive within 7 days. If it wasn't cost prohibitive, you could actually file a small claim against, say, Amazon, for a two-day Prime delivery not arriving within two days.

The broader point though, is that Apple has established the belief that macOS is not susceptible to malware. That's why people don't "need" a virus scanner running in the background.

And this belief is widespread enough that it warrants questioning the basis of a use case for this check: Why does macOS need to send my data to a remote server upon initial load of each application to verify it with Apple's whitelist (approve-list? what's the right term these days?), if the operating system's existing protection has to date fulfilled the implied guarantee by CEO, Tim Cook, and former CEO, Steve Jobs, of zero or limited, but otherwise insignificant, exposure risk to malware?