Little Snitch Changelog

What's new in Little Snitch 5.7.4

Mar 8, 2024

Fixed an issue on macOS Sonoma 14.4 causing Automatic Profile Switching to not work with Wi-Fi networks.
Fixed a bug in Configuration where badges in the sidebar were not correctly displayed.
Fixed a bug in Network Monitor where the map would initially open 180 degrees longitude off from your location on large displays.
Fixed a drawing bug in the traffic diagram of Network Monitor.

New in Little Snitch 5.7.3 (Jan 15, 2024)

New in Little Snitch 5.7.2 (Jan 10, 2024)

New in Little Snitch 5.7.1 (Sep 19, 2023)

New in Little Snitch 5.7 (Aug 21, 2023)

New in Little Snitch 5.6 (Apr 19, 2023)

New in Little Snitch 5.5 (Oct 13, 2022)

New in Little Snitch 5.4.1 (May 3, 2022)

New in Little Snitch 5.4 (Apr 26, 2022)

Improvements:
The connection alert now indicates when a connection was established via iCloud Private Relay (Private Relay is a new feature of macOS Monterey, which is currently in beta).
Improved detection of iCloud Private Relay connections on computers with IPv6 connectivity.
Updated QUIC protocol parser to support the latest IETF versions. This results in fewer connection alerts showing only the IP address of the remote server instead of its hostname when using Chrome or Firefox.
Improved rule group subscriptions to support various common block list formats, consisting of lines with domain names, IP addresses or IP networks in CIDR notation, or blocklists in /etc/hosts format.
Improved display of IP address rules. When a rule affects just a single IP address range, that range is now shown in the rule list.
Improved performance in Network Monitor when scrolling through connections with key-repeat.
Added Internet Access Policy information for the “nehelper” process of macOS.
When the update of a subscribed rule group fails, the cause is now reported in more detail.
Automatic backup of ruleset and configuration data at regular intervals. Up to eight backups are kept. The Restore from Backup command also offers these automatic backups.
Added missing localizations of some texts.
Bug Fixes:
Fixed a bug where reading the code identity of of applications with large Mach headers did not work. Rules for these apps created in Little Snitch Configuration resulted in an identity mismatch alert.
Fixed a bug where Until-Quit rules could expire even after they had been turned into permanent rules.
Fixed a bug where enabling an identity check for a process did not work.
Fixed a problem that could cause connection alerts to re-appear five seconds after allowing or denying the connection.
Fixed an issue that could cause the Little Snitch network extension to refuse starting.
Added workaround for a bug in MapKit causing the centering of the map on the current location to be off by 180 degrees longitude under rare circumstances.

New in Little Snitch 5.3.2 (Nov 18, 2021)

New in Little Snitch 5.3.1 (Oct 17, 2021)

Improvements:
Improved user guidance when starting Little Snitch for the first time. Instructions how to enable the Network Extension are now illustrated.
Added support for Private Relay connections on macOS Monterey. Since the Internet address of a Private Relay connection is not known, Little Snitch now shows it as “Private Relay”.
When recording traffic of a process via littlesnitch capture-traffic from the command line, traffic from related helper-processes is now included as well. Parameters for the capture-traffic subcommand have been renamed to reflect this change.
Connection details in the Network Monitor inspector now reflect the displayed and selected time period.
When a temporary rule expires, Little Snitch now shows a connection alert for all related connections that are still active but no longer covered by the now expired rule. These connections can then again be allowed or denied, but until a new decision is made, the previous, temporary decision (allow or deny) remains effective.
Improved connection alert to allow the creation of “Until Quit” rules for apps that are connecting via a helper tool, when the helper is already terminated, but the parent app is still running.
Improved wording of the term “software update” in German localization.
Corrected wording in tooltips of rule buttons in Network Monitor.
Bug Fixes:
Fixed a rare crash in the Little Snitch network extension.
Fixed a rare issue where the host name of the remote server could not be determined for unencrypted HTTP connections.
Fixed expiry handling of time based temporary rules. The expiry was delayed while the computer was in sleep mode.
Fixed a possible deadlock which occurred when a “New Network” alert should have been shown.
Fixed “Sort by Data Volume” behavior in Network Monitor. The values used for sorting did not take the displayed time period into account.
Fixed a bug where the type of traffic meters in Network Monitor was not updated in all rows when switching the sort order between Last Activity and Data Volume.
Fixed the computation of traffic rates shown in the inspector of Network Monitor. Rates may have been about 30% too low.
Fixed a bug where data volume meters did not update when sorting by data volume.
When switching the displayed time period in Network Monitor from a long to a short interval, some connections did not drop off the list, even if their last activity was outside the chosen interval. This issue has been fixed.
Fixed a possible crash of the Little Snitch application when searching rules for occurrences of a string.
Fixed an issue causing lots of warning messages regarding “deprecated use of NSObject in XPC” to be shown in the Console of macOS Monterey.
Fixed a bug causing the connection alert not to update the indication that the connecting process just terminated.
Fixed a bug causing a “location services disabled” alert message to appear twice when running Network Monitor for the first time.
Fixed an issue where starting the Little Snitch application with the Option key held down did not open the Installation Status window.
Fixed various bugs with mouse-hovering sensitive areas in the connection inspector of Network Monitor.
Fixed an issue causing the “Show in Finder” button in the connection inspector of Network Monitor to disappear when clicked.
Fixed a bug causing the Little Snitch application to hang after pasting a large number of hostnames or IP addresses in the rule editor.
Corrected a typo in the German localization of the Profile popup in the connection alert.
Corrected some layout and appearance issues in the “Welcome to Little Snitch” window.

New in Little Snitch 5.3 (Aug 25, 2021)

New in Little Snitch 5.2.2 (Jun 29, 2021)

New in Little Snitch 5.2.1 (Jun 15, 2021)

New in Little Snitch 5.2 (Jun 15, 2021)

This version focuses on three main areas:
The list of „Known Networks“ used for Automatic Profile Switching which was previously shown in a separate window is now integrated into the main window of the Little Snitch application.
The search and sort performance in the rules window has been greatly improved.
Added support for executables running from randomized file system paths. Rules for executables in /tmp or /var/folders automatically ignore random path components. Rules for executables in other locations can be converted manually into „Identifier Rules“ which refer to the process by its code signature identifier and team identifier or SHA256 (for unsigned scripts) instead of the executable’s path.
Improvements:
Improved detection of Wireguard VPN: Added explicit check for PIA VPN Service.
It’s now possible to remove other users’ connections shown in Network Monitor after authenticating as an administrator.
Rule group modifications or resetting to factory rules can now also be authorized via biometric authentication.
When a selected rule changes its position within the list due to some modification, the scroll position of the list is now adjusted so that the rule remains visible.
Minor visual improvements in the configuration window.
Bug Fixes:
Fixed a bug where a connection alert for a terminated process did not disappear after creating a rule.
Fixed an issue where a suspicious process warning with “validation error 255” was shown in a connection alert.
Fixed identification of iOS processes running in the Xcode debugger. Rules for these processes now match regardless of random path components.
Connection Alerts for incoming connections now always create IP address based rules because the remote computer name cannot reliably be known.
Fixed an issue where two domains were not recognized as equal due to a lowercase/uppercase mismatch.
Fixed a bug where an error message was shown in the inspector of Network Monitor if no Internet Access Policy was available for a process.
Fixed a possible crash when showing the list of files available for „Restore from Backup“.
Fixed startup issues after restarting computers with Fusion Drive.
Fixed a bug where a temporary rule would overwrite a disabled rule and eventually remove it.
Fixed a rare crash of the Little Snitch app when searching in rules.

New in Little Snitch 5.1.2 (Apr 1, 2021)

New in Little Snitch 5.1.1 (Feb 28, 2021)

New in Little Snitch 5.1 (Feb 23, 2021)

New in Little Snitch 5.0.4 (Dec 2, 2020)

New in Little Snitch 5.0.3 (Nov 26, 2020)

New in Little Snitch 5.0.2 (Nov 13, 2020)

New in Little Snitch 5.0.1 (Nov 10, 2020)

New in Little Snitch 5.0 (Nov 3, 2020)

New in Little Snitch 5.0 Beta 2 (Oct 29, 2020)

New in Little Snitch 4.5.2 (May 26, 2020)

New in Little Snitch 4.5.1 (Apr 23, 2020)

New in Little Snitch 4.5 (Mar 31, 2020)

This release brings new features and improvements requested by users, after a few months of focussing on compatibility with macOS Catalina. In particular:
Redesigned Research Assistant in Connection Alert:
Since our Internet Access Policy initiative (IAP) gains popularity and support by more and more third party developers, the IAP has been made the main focus of the Research Assistant. It provides you with first hand information directly from the app developer.
The information from our Research Assistant online database now comes bundled with Little Snitch to supplement processes which don’t have an IAP of their own. It’s therefore no longer necessary for Little Snitch to connect to the online database to retrieve this information.
Along with connection details and possible warnings regarding code identity checks all this information is now presented in a redesigned interface, in a clear and consistent manner.
Other improvements in the Connection Alert:
The connection alert now offers a wider range of options for the lifetime of temporary rules, ranging from 1 minute up to 30 days.
When a code identity check fails, it’s now always possible to “accept the modification” and update the identity check, using the executable’s cryptographic hash if nothing else is suitable.
When no server name can be derived and only the IP Address of a remote computer is shown, it’s now possible to create rules for the entire subnet, not just the particular IP Address.
Improvements in Network Monitor:
Network Monitor now shows accesses to the Berkeley Packet Filter (BPF), and rules for this kind of access can now be managed from within Network Monitor as well.
Since BPF access can now be managed in Network Monitor, BPF related connection alerts no longer appear in Silent Mode.
All server names ending in .local are now grouped in one single “local” domain.
Improved rule creation from within Network Monitor. If a similar but currently disabled rule already exists, it is replaced by the newly created rule.
The context menu for a connection now offers an “Until Logout” option when the Shift key is held.
Fixed an issue where Network Monitor stopped showing connections.
Fixed an issue where macOS would change Spaces when a full screen app is active and Network Monitor is brought to front.
Fixed: When there are no rules matching a connection, buttons for rule creation are only shown when the mouse is at the prospective button location. This prospective location was sometimes off by half a button width, making it hard to create an allow-rule. This issue has been fixed.
Fixed an issue where geographic labels on the map could be off by half a map width.
Improvements in Little Snitch Configuration:
Improved editing of a selection of multiple rules.
In order to derive code identity information, Little Snitch Configuration must read the executable files of processes. If an executable cannot be read due to file permissions, we now derive code identity information via a privileged component.
General improvements and fixes:
Improved the selection of suitable sections from the Internet Access Policy of a process.
Little Snitch now ships with built-in Internet Access Policy information for further macOS system components.
Improved selection of relevant information from Internet Access Policy in Network Monitor.
Updated Welcome Window in Little Snitch Configuration to reflect the new design of the connection alert.
After a fresh installation Little Snitch Configuration no longer shows factory rules in the “Last 24 Hours” section.
Preventing the simultaneous display of modal alert windows, possibly covering each other. They are now displayed one after the other.
Fixed detection of remote endpoint name for Viscosity VPN.
Fixed a crash of Little Snitch when other programs write garbage to the System Configuration. This crash occurred with a Microsoft Active Directory client for macOS.
Numerous other bug fixes and improvements.

New in Little Snitch 4.4.3 (Oct 7, 2019)

New in Little Snitch 4.4.2 (Jul 17, 2019)

New in Little Snitch 4.4.1 (Jul 16, 2019)

New in Little Snitch 4.4 (Jul 2, 2019)

New in Little Snitch 4.3.2 (May 9, 2019)

Improvements:
Improved performance of Little Snitch Configuration when “combine rules” is enabled.
Added support for Touch ID to enable/disable rule and profile editing when clicking the lock button in Little Snitch Configuration’s toolbar.
Process paths are now treated as being case-sensitive, even on case-insensitive file systems. This resolves an issue where rules created manually using Little Snitch Configuration would not match if the entered path didn’t match the actual path exactly. Such rules are now also marked as invalid and can be found in the “Invalid Rules” filter in the left sidebar.
Code modification alerts can now be minimized, just like regular connection alerts.
Improved detection of processes whose code signature got invalid because the corresponding code signing certificate was revoked.
Improved layout of rule group subscription editor.
Added sharing options for rule group subscriptions. In the left sidebar, Control-click a rule group and select “Share”, or use the share button in the rule group subscription editor to share the rule group with others.
Added support for WireGuard VPN.
Added a factory rule for connections from syspolicyd to api.apple-cloudkit.com.
Rules whose process paths contain symbolic links are now marked as invalid because they can never match.
Various improvements to Subscribed Rules Inspector.
Bug Fixes:
Fixed an issue where Little Snitch could break DNS lookups for all programs. This bug first occurred in version 4.3.
Fixed an issue causing the connection alert to create a rule only for the app itself, ignoring the via-process, if the via-process was a Java process.
Fixed an issue with ask-rules causing the connection alert to create rules that were less specific than the ask-rule that caused the alert to be shown in the first place, leading to repeated alerts.
Fixed an issue causing Little Snitch to deactivate Silent Mode and switch to Alert Mode unintentionally.
Fixed an issue in Little Snitch Configuration where dragging of rules didn’t work correctly when “combine rules” was enabled.
Fixed an issue in Network Monitor where traffic captures were incomplete.
Fixed a few issues with the network traffic meters in the menu bar.
Fixed an issue causing the buttons for toggling the map and the inspector in Network Monitor to be not clickable under certain circumstances.
Fixed an issue causing traffic captures not being stopped when Network Monitor was disabled in preferences while traffic was being captured.
Fixed a possible crash on OS X 10.11.
Other:
Numerous user interface fixes and improvements.

New in Little Snitch 4.3.1 (Mar 6, 2019)

New in Little Snitch 4.3 (Mar 5, 2019)

Improved detection of program modification:
Little Snitch has a security mechanism that ensures rules are only applied to programs for which they were originally created. This is to prevent malware from hijacking existing rules for legitimate programs. To do that, Little Snitch must be able to detect whether a program was modified. How Little Snitch does that changes with this version.
Previous versions required a program to have a valid code signature in order to be able to detect illegitimate modifications later on. Programs without a code signature could not be validated and Little Snitch warned accordingly. The focus was therefore on a program’s code signature.
Beginning with version 4.3, Little Snitch can always check whether a program has been tampered with, even if it’s not code signed at all. The focus is now on checking for modifications with the best means available. That is usually still the code signature but for programs that are not code signed, Little Snitch now computes a secure hash over the program’s executable. (There’s still a warning if a process is not signed, but only to inform you about a possible anomaly.)
This change leads to a different terminology. When editing a rule, Little Snitch Configuration no longer shows a checkbox titled “requires valid code signature” but instead one that is titled “check process identity” (or if the rule is for any process: “apply to trusted processes only”).
Instead of a “code signature mismatch”, Little Snitch’s connection alert now informs that “the program has been modified”.
In cases where Little Snitch detects such a modification, it now also better explains the possible underlying cause and the potential consequences.
For more information see the chapter Code identity checks in the online help.
Configuration File Compatibility:
This version uses a new format with speed and size improvements for the configuration file in which the current rule set and the preferences are stored. This new file format is not compatible with older versions of Little Snitch, though. When updating to Little Snitch 4.3, the old configuration file is left untouched in case you want to downgrade to a previous version of Little Snitch. All changes made in Little Snitch 4.3 or later are not included in the old file, of course. Note that backup files created using File > Create Backup… in Little Snitch Configuration use the old file format and are therefore backward-compatible with previous versions of Little Snitch.
Improved Support for macOS Mojave:
Improved appearance in Dark Mode.
Fixed backup restore from Time Machine not working in Little Snitch Configuration due to the new “Full Disk Access” security mechanism.
Fixed creating Diagnostics Reports for non-admin users (on macOS High Sierra and later). When you contact our tech support, we sometimes ask you to create these reports.
Performance Improvements:
Improved overall performance for large rule sets.
Reduced CPU load of Little Snitch Daemon during DNS lookups.
Reduced CPU load of Network Monitor while inactive.
Improved performance of rule sorting in Little Snitch Configuration, which leads to better overall performance.
Fixed Little Snitch Daemon hanging while updating a rule group subscription that contains many rules.
Fixed a memory leak that occurred when closing a snapshot window in Network Monitor.
Internet Access Policy:
Fixed an issue causing an app’s Internet Access Policy not being shown if that app was running in App Translocation.
Fixed clickable links not working in the “Deny Consequences” popover when creating rules in connection alert or Network Monitor.
Internet Access Policy file: Fixed large values for a connection’s “Port” being rejected.
Process Identity and Code Signature Check Improvements:
Added support for detecting revoked code signing certificates when checking a process’ code signature. The connection alert and Network Monitor now treat such processes like processes without a valid code signature and show relevant information. Also, rules created will use an appropriate identity check (based on the executable’s checksum, not based on the code signature).
When showing a connection alert for a process that has no valid code signature, Little Snitch now tries to find out if loading a shared library may have caused the issue with the code signature. If so, this is pointed out in the connection alert.
Fixed handling of app updates while the app is still running: Previous versions of Little Snitch would complain that the code signature could not be checked if the running app was replaced on disk, e.g. during an update.
Fixed an issue where connection alerts would erroneously contain a warning that an application’s code signing certificate was unacceptable. This mainly happened when a process’ first connection was an incoming connection.
Improved Handling of Connection Denials and Override Rules:
Improved handling of override deny-rules that were created as a consequence of a suspicious program modification (“Connection Denials”). In Network Monitor, these rules are now marked with a dedicated symbol. Clicking that symbol allows to remove that override rule, if the modification is confirmed to be legitimate.
Changed override deny-rules created for failed code identity checks to not be editable or deletable. Instead, double-clicking such a rule allows you to fix the underlying issue, which then automatically deletes the override rule.
UI and UX Improvements:
Automatically combine rules: For improved handling of large rule sets with many similar rules that only differ in host or domain names. This is common when subscribing to blocklists, which may contain thousands of similar, individual rules denying connections to various servers. The new “Automatically combine rules” option in Little Snitch Configuration (on by default) now combines such similar rules into a single row, making it much easier to keep track of large lists of rules.
Improved appearance when Accessibility option "Increase contrast" is active.
Improved floating window mode in Network Monitor.
When choosing File > Restore from Backup in Little Snitch Configuration, the list showing possible backup files now includes backups that Little Snitch created automatically.
Improved the map shown in the “Known Networks” window in Little Snitch Configuration.
Improved the legibility of traffic rates in the status menu on Retina displays.
Fixed data rates shown in Network Monitor to match the values shown in the status menu.
Fixed the “Duration” setting in Preferences > Alert > Preselected Options not being respected.
Fixed an issue with “undo” when unsubscribing from a rule group or when deleting a profile.
Fixed an issue in Little Snitch Configuration where the “Turn into global rule” action did not work.
Fixed an issue where an error that occurred in the course of a previous rule group subscription update was still displayed, even though the problem no longer existed.
Other Improvements and Bug Fixes:
Increased the maximum number of host names allowed in a rule group subscription to 200.000.
Fixed an issue causing XPC services inside bundled frameworks to not be recognized as XPC. This resulted in connection alerts to be shown for the XPC services themselves instead of for the app the service belongs to.
Fixed an issue causing Time Machine backups to Samba servers to stop working under some circumstances.
Fixed an issue related to VPN connections with Split DNS configuration that caused only the server’s IP address to be displayed instead of its hostname.
Reduced the snap length in PCAP files, allowing them to be analyzed not only with Wireshark but also with “tcpdump”.

New in Little Snitch 4.2.4 (Dec 12, 2018)

New in Little Snitch 4.2.3 Build 5208 (Nov 15, 2018)

New in Little Snitch 4.2.2 Build 5207 (Oct 17, 2018)

New in Little Snitch 4.2.1 Build 5204 (Oct 1, 2018)

New in Little Snitch 4.2 Build 5201 (Sep 21, 2018)

New in Little Snitch 4.1.4 Build 5188 Nightly (Aug 8, 2018)

New in Little Snitch 4.1.3 Build 5187 (Aug 8, 2018)

New in Little Snitch 4.1.3 Build 5182 Nightly (Jul 30, 2018)

New in Little Snitch 4.1.3 Build 5180 Nightly (Jul 13, 2018)

New in Little Snitch 4.1.3 Build 5176 Nightly (Jul 10, 2018)

New in Little Snitch 4.1.2 Build 5175 (Jul 10, 2018)

New in Little Snitch 4.1.1 Build 5171 (Jun 27, 2018)

New in Little Snitch 4.1 Build 5167 (Jun 13, 2018)

Rule Group Subscriptions:
Rule Groups are sets of rules that anyone can create and publish on their web server for others to subscribe to. Whenever changes to the rules are made by the publisher, subscribers receive these changes.
This is useful for providing automatically updating blocklists, distributing a common set of rules to multiple computers in a corporate network, or for app developers who want to provide a set of rules to their customers to make it work seamlessly with Little Snitch.
To let you test this feature we provide an example rule group. To subscribe to this group, open Little Snitch Configuration, choose New Rule Group Subscription from the File menu, and enter the following URL: https://obdev.at/resources/littlesnitch/blocklist-example.lsrules.
You can find more information about subscribing and publishing in the documentation chapter Rule group subscriptions.
Other New Features and Improvements:
Improved display of inactive rules in Little Snitch Configuration. If a rule is inactive for whatever reason — either if it’s not enabled, if it’s part of a profile that’s currently not activated, if it’s in a rule group that’s currently not activated, or if the entire network filter is turned off — the rule is now consistently displayed with a gray text color.
Focus Mode: Little Snitch Configuration has a new mode that allows you to focus on a specific subset of rules. Selecting one or more rules and then choosing Focus on Selected Rules or Focus on Rules Affecting Selection from the View menu will focus on just the rules you want to see, while leaving the search field free for further filtering. Focus Mode is also used for revealing matching rules from the connection alert or Network Monitor (e.g. by right-clicking a connection and choosing Show Corresponding Rules).
The rule groups “iCloud Services” and “macOS Services” (previously named “Managed Rules”) can now be activated and deactivated using a checkbox next to their name in Little Snitch Configuration’s left sidebar (previously, these checkboxes could be found in the preferences window). This allows you to see what rules these sets contain before activating them.
Profiles can now be activated and deactivated in Little Snitch Configuration’s left sidebar using a checkbox next to the profile.
The special “Code Signature Issue Override Rules” that Little Snitch creates under certain circumstances can now be edited in Little Snitch Configuration just like normal rules. This should make it less confusing to deal with situations where an application is reported to have no valid code signature. See Code signature issues > Special Code Signature Issue Override Rules for more details.
Connection alerts for applications that have an issue with their code signature now include direct links to the relevant section of the online documentation. The relevant chapter Code signature issues has been extended to provide much more details and examples for how Little Snitch behaves when an application without a valid code signature tries to establish a connection.
Added support for the current version of the QUIC protocol. This fixes an issue with connections from Google Chrome, where the connection alert only showed the IP address instead of the hostname under some circumstances.
In addition to checking that an application’s code signature is valid, Little Snitch now also checks the code signing certificate that was used to create the signature. Only certificates that were issued by Apple are currently accepted.
Improved Little Snitch Installer to prevent malicious software from hijacking the installation procedure. Credit to Patrick Wardle (Synack, Inc.) for discovering this possibility.
Many more minor improvements.
Bug Fixes:
Fixed CVE-2018-10470: Fixed an issue where some components of Little Snitch would only verify the code signature of the 64 bit slice of a fat binary when performing a code signature check, ignoring the 32 bit slice. With a maliciously crafted binary, this could lead to Little Snitch Configuration and Network Monitor to show that the code signature was valid, while the running process could have a non-valid code signature. Note that this did not affect what connections were allowed or denied. Credit to Josh Pitts (Okta, Inc.) for discovering this issue. For more details, read Josh’s blog post.
Fixed an issue where a connection alert could sometimes be shown despite an existing rule that allowed the connection. We observed this mainly with Google Chrome.
Fixed an issue in “Silent Mode – Deny Connections” where incoming TPC connections would sometimes be denied despite an existing rule that allowed the connection.
Fixed issues with Automatic Profile Switching when joining a new, yet unknown network.
Fixed an issue in the connection alert in conjunction with terminated processes when the “Confirm connection alert automatically” preferences option was turned on.
Fixed an issue causing VPN connections to be wrongly considered as local network connections due to an incorrect netmask of the P2P interface set by the IPSec client of macOS.
Fixed an issue causing the connection alert to repeatedly switch between different, pending connection attempts.
Fixed multiple issues that could lead to a Code Signature Alert showing an internal error. These alerts should be gone now for universal apps running in 32-bit mode and for Java apps.
Fixed an issue where a connection alert could disappear when the connecting process terminates.
Many more minor bug fixes.
Note:
This version does not support the developer preview of macOS Mojave (10.14). Use the latest Little Snitch 4.1 Nightly Build available at:
https://obdev.at/products/littlesnitch/download-nightly.html

New in Little Snitch 4.1 Build 5156 Nightly (May 11, 2018)

Managed Rules Subscriptions:
Managed Rules are sets of rules that anyone can create and publish on their web server for others to subscribe to. Whenever changes to the rules are made by the publisher, subscribers receive these changes.
This is useful for providing automatically updating blocklists, distributing a common set of rules to multiple computers in a corporate network, or for app developers who want to provide a set of rules to their customers to make it work seamlessly with Little Snitch.
To let you test this feature we provide an example set of managed rules. To subscribe to this ruleset, open Little Snitch Configuration, choose Subscribe to Managed Rules from the Rules menu, and enter the following URL: https://obdev.at/resources/littlesnitch/blocklist-example.lsrules
You can find more information about subscribing and publishing in the documentation chapter Subscribing to Managed Rules.
Other New Features and Improvements:
Improved display of inactive rules in Little Snitch Configuration. If a rule is inactive for whatever reason — either if it’s not enabled, if it’s part of a profile that’s currently not activated, if it’s in a set of Managed Rules that’s currently not activated, or if the entire network filter is turned off — the rule is now consistently displayed with a gray text color.
Focus Mode: Little Snitch Configuration has a new mode that allows you to focus on a specific subset of rules. Selecting one or more rules and then choosing View > Focus on Selected Rules or View > Focus on Rules Affecting Selection will focus on just the rules you want to see, while leaving the search field free for further filtering. Focus Mode is also used for revealing matching rules from the connection alert or Network Monitor (e.g. by right-clicking a connection and choosing Show Corresponding Rules).
The Managed Rules sets “iCloud Services” and “macOS Services” can now be activated and deactivated using a checkbox next to their name in Little Snitch Configuration’s left sidebar (previously, these checkboxes could be found in the preferences window). This allows you to see what rules these sets contain before activating them.
Profiles can now be activated and deactivated in Little Snitch Configuration’s left sidebar using a checkbox next to the profile.
The special “Code Signature Issue Override Rules” that Little Snitch creates under certain circumstances can now be edited in Little Snitch Configuration just like normal rules. This should make it less confusing to deal with situations where an application is reported to have no valid code signature. See Code signature issues > Special Code Signature Issue Override Rules for more details.
Connection alerts for applications that have an issue with their code signature now include direct links to the relevant section of the online documentation. The relevant chapter Code signature issues has been extended to provide much more details and examples for how Little Snitch behaves when an application without a valid code signature tries to establish a connection.
Added support for the current version of the QUIC protocol. This fixes an issue with connections from Google Chrome, where the connection alert only showed the IP address instead of the hostname under some circumstances.
In addition to checking that an application’s code signature is valid, Little Snitch now also checks the code signing certificate that was used to create the signature. Only certificates that were issued by Apple are currently accepted.
Many more minor improvements.
Bug Fixes:
Fixed an issue where a connection alert could sometimes be shown despite an existing rule that allowed the connection. We observed this mainly with Google Chrome.
Fixed an issue in “Silent Mode – Deny Connections” where incoming TPC connections would sometimes be denied despite an existing rule that allowed the connection.
Many more minor bug fixes.

New in Little Snitch 4.0.6 Build 5124 (Mar 21, 2018)

New in Little Snitch 4.0.6 Build 5121 Nightly (Mar 6, 2018)

New in Little Snitch 4.0.6 Build 5119 Nightly (Feb 22, 2018)

New in Little Snitch 4.0.5 Build 5116 (Jan 18, 2018)

Bug Fixes:
Fixed a kernel panic introduced in Little Snitch 4.0.4 that would occur when a single process established more than two billion outgoing connections.
Fixed multiple issues causing a Connection Alert indicating an internal error related to a code signature mismatch from being shown.
Fixed an issue where scrolling in Little Snitch Network Monitor’s inspector would not work.
Fixed incorrect sorting of Time Machine Backups in Little Snitch Configuration’s “Import from Backup…” sheet.
Improvements:
The Connection Alert now points out if a connection is to or from the local network and offers a new option to create a rule for “Only local network”. Creating such a rule was possible in Little Snitch Configuration, but now you can do this in the Connection Alert, too.
For hostnames that end in .local, the Connection Alert will now create host rules, not domain rules. These rules worked as intended, but it makes more sense to create host rules instead.
A Connection Alert informing about a code signature mismatch is now shown even if Silent Mode is active. This is to prevent processes with an invalid code signature from communicating even in Silent Mode.
If an app changes its bundle identifier in an update, Little Snitch will update any existing rules for that app if the new version is located at the same path and is signed by the same developer. Previously, a Connection Alert indicating a code signature mismatch was shown.
Improved a button label in Connection Alert in case of a code signature mismatch to avoid possible confusion. Previously, it read “Require New Code Signature…” and now it’s “Accept New Code Signature…”.
Improved alert when macOS blocks Little Snitch’s kernel extension from being loaded. In addition to opening the “Security & Privacy” preferences panel, it also switches to the “General” tab, where it must be allowed.
Prevented multiple notifications about incoming connections from the local network to processes without a code signature being shown. Details: In earlier versions, if “Ignore code signature for local network connections” was enabled (in Little Snitch Configuration > Preferences > Security), an allow rule for only the specific IP address of the connecting peer was created and a notification was shown each time this happened. With this change, an allow rule for any incoming connection for the local network will be created and only a single notification will be shown. Note that this does not change what connections are accepted, only how many notifications are shown.
Improved performance when duplicating a large number of rules in Little Snitch Configuration.
Double-clicking an unapproved rule in Little Snitch Configuration to show the rule inspector now only approves the rule if the inspector is closed with the “OK” button, not with the “Cancel” button.
Fixed Little Snitch Network Monitor sometimes showing incorrect hostnames for incoming UDP data. Note that only the names shown were incorrect – the network filter and rules were not affected by this.
Internet Access Policy:
Developers can now specify their name that will be shown to users as the source of the IAP information. Previous versions of Little Snitch used the name as defined in the code signing certificate, but this does not work for apps downloaded from the App Store. See the specification of keys for details.
If the developer’s name is read from the app’s code signing certificate, Little Snitch now shows the name without the country. For example, it’s now “Objective Development”, not “Objective Development, AT”.
Added support for Internet Access Policy files written in JSON format (in addition to the Property List format). See section File format for more information.
Added support for Internet Access Policy files embedded in XPC services. See the section Support for XPC services in the developer documentation for details.
Fixed an issue where developers testing the Internet Access Policy in their apps would not see up-to-date information in Little Snitch, specifically in localizations. Cache invalidation is hard.

New in Little Snitch 4.0.5 Build 5114 Nightly (Jan 11, 2018)

New in Little Snitch 4.0.5 Build 5112 Nightly (Dec 20, 2017)

New in Little Snitch 4.0.5 Build 5108 Nightly (Dec 13, 2017)

Bug Fixes:
Fixed a kernel panic introduced in Little Snitch 4.0.4 that would occur when a single process established more than two billion outgoing connections.
Fixed multiple issues causing a Connection Alert indicating an internal error related to a code signature mismatch from being shown. One of the reasons was if another user had rules for a process that required a different code signature than the process actually had.
Fixed incorrect sorting of Time Machine Backups in Little Snitch Configuration’s “Import from Backup…” sheet.
Improvements:
A Connection Alert informing about a code signature mismatch is now shown even if “Silent Mode – Allow Connections” is active. This is to prevent processes with an invalid code signature from communicating even in Silent Mode.
If an app changes its bundle identifier in an update, Little Snitch will update any existing rules for that app if the new version is located at the same path and is signed by the same developer. Previously, a Connection Alert indicating a code signature mismatch was shown.
Clarified Connection Alert’s button label in case of a code signature mismatch from “Require New Code Signature…” to “Accept New Code Signature…”.
Improved alert when macOS blocks Little Snitch’s kernel extension from being loaded. It now opens the “Security & Privacy” preferences panel and switches to the “General” tab, where it must be allowed.
Prevented multiple notifications about incoming connections from the local network to processes without a code signature being shown. Details: In earlier versions, if “Ignore code signature for local network connections” is enabled (in Little Snitch Configuration > Preferences > Security), an allow rule for only the specific IP address of the connecting peer was created and a notification was shown each time this happened. With this change, an allow rule for any incoming connection for the local network will be created and only a single notification will be shown. Note that this does not change what connections are accepted, only how many notifications are shown.
Improved performance when duplicating a large number of rules in Little Snitch Configuration.
Double-clicking an unapproved rule in Little Snitch Configuration to show the rule inspector now only approves the rule if the inspector is closed with the “OK” button, not with the “Cancel” button.

New in Little Snitch 4.0.4 Build 5106 (Nov 30, 2017)

Internet Access Policy:
In Little Snitch 4 we’ve introduced a new Internet Access Policy (IAP) standard, allowing third party app developers to bundle a policy file with their application containing information about the Internet connections their program is about to establish.
This gives developers the opportunity to describe the purpose of these connections, why they are necessary and why it’s recommended or necessary to allow them.
With Little Snitch 4.0.4 we’ve extended the policy format to allow providing dedicated information about potential consequences when denying a particular connection.
Whenever you choose to deny a connection via Little Snitch — either in the connection alert or in Network Monitor — we now display that information helping you to make a better informed decision.
IAP Improvements:
It’s now possible to provide Internet Access Policy files not only for app bundles but also for plain Unix executable files.
Little Snitch now includes Internet Access Policies for several Apple processes shipped with macOS.
Fixed an issue with localized IAP files.
Added support for Markdown-style links.
Network Monitor:
Blocked connections are now indicated in the map with a red flashing connection line.
Significantly improved performance when handling large amounts of connects.
Improved performance in case of large file downloads.
New action: “Show Recently Used Rule(s)”. Accessible by holding down the Option key while right-clicking a line in the list.
Fixed an issue causing heavy flickering of the map during zooming or panning on macOS 10.13 High Sierra.
Fixed locations on Little Snitch Network Monitor’s map being drawn too large on macOS 10.13.
Fixed: The menu bar did not respond immediately after opening the Network Monitor window.
Fixed: Network Monitor no longer flashes connection lines that are currently invisible due to filtering.
The data rate display in the inspector pane now respects the Bits/s vs. Bytes/s user preference.
The experimental “Handle Connection Attempts in Monitor” preferences option has been removed.
Code Signature Check Improvements:
Fixed an issue that could incorrectly lead to a connection alert indicating a code signature mismatch between a running process and an existing rule.
Fixed an incorrect message “Incoming Connection Denied due to invalid code signature” being shown, usually for the process netbiosd.
Improved a confusing code signature mismatch message in connection alert when the bundle identifier of the connecting app changed.
When a rule is created using the connection alert’s “Deny Any Connection” button (only shown in case of a code signature mismatch or an invalid code signature), that rule is now permanent instead of “Until Quit”.
Fixed an issue where a deny rule labelled “override due to code signature issue” could inadvertently be turned into a permanent allow rule.
Fixed an issue where the connection alert would show that an XPC process’ parent app had no code signature. This would happen when the parent app was already terminated at the time when the XPC process tried to establish a connection.
General:
Improved handling and presentation of code signature issues.
Improved help text of rule suggestions covering multiple connection attempts.
Improved handling of incoming ssh connections.
Improved handling of denied incoming connections.
Improved display of connection alerts on small displays.
Improved creation of diagnostics reports.
Improved protection against malware attempting to modify Little Snitch.
Improved reliability of showing connection alerts in cases where a process only opens a connection, but never actually sends or receives any data.
For improved privacy the Little Snitch configuration file is now saved in an encrypted format.
Fixed a vulnerability where the process name in Little Snitch Configuration’s rule inspector could be constructed to execute as a shell command. Security impact: If users follow malicious instructions, they can enter a text string in Little Snitch Configuration which is unexpectedly executed in a shell under the user’s privileges. Not exploitable from remote or by local processes.
Added a preference option allowing to choose whether OpenVPN remote servers should be distinguished or not.
Added “Port 22 (SSH)” to the port popup list in the rule editor of Little Snitch Configuration.
Due to a bug in macOS, applications may hang for a while when they attempt to show animated graphics. Little Snitch detects when important components stop responding and used to generate diagnostics info. Since this further slowed down the machine, we no longer generate these diagnostics and simply restart the affected component.
Fixed a rare kernel panic.
Fixed an issue when choosing the “Once” option in the connection alert.
Fixed an issue related to handling connections via VPN.
Fixed a rare crash of Little Snitch Network Monitor that could occur when an app would use a network socket in an unusual, but still correct way. This could happen when using the PS4 Remote Play app.
Fixed a kernel panic by making Little Snitch’s kernel extension more robust when other third party kernel extensions overwrite memory that belongs to Little Snitch.
Fixed outdated message in installer log when boot cache update failed due to a full Recovery HD.
Improved detection of which app uses an XPC helper.
Fixed some unexpected but harmless messages from the kernel in the system log that would occur only on MacBook Pro with TouchBar.
Several other bug fixes and improvements.
Privacy Note:
For improved privacy the Little Snitch configuration file is now stored in an encrypted format. When switching to the encrypted format, a backup of the old, unencrypted configuration file is made. If you prefer to have only encrypted configuration files stored on disk, we recommend to remove any unencrypted backup files. Their filename contains a date and timestamp, and they are located in the following folders:
/Library/Application Support/Objective Development/Little Snitch/
~/Library/Application Support/Little Snitch/
To open these folders you can use Finder’s Go to Folder… command (⇧⌘G).
Downgrading Note:
Since this version stores all configuration files in encrypted format, previous versions cannot read them. If you downgrade, all your rules and preferences are lost. In order to prevent data loss, this version makes a backup of your configuration at /Library/Application Support/Objetive Development/Little Snitch/configuration_.xpl before encrypting. Previous versions can restore from this backup via Little Snitch Configuration > Rules > Import from Backup….
Alternatively, you can make a backup of your configuration even in the new version (via Little Snitch Configuration > Rules > Backup…) and restore it after downgrading. Backups are not encrypted in order to keep them backward-compatible.

New in Little Snitch 4.0.4 Build 5104 Nightly (Nov 24, 2017)

New in Little Snitch 4.0.4 Build 5102 Nightly (Nov 20, 2017)

Internet Access Policy:
Added support for Markdown-style links.
Code Signature Check Improvements:
Fixed an issue that could incorrectly lead to a connection alert indicating a code signature mismatch between a running process and an existing rule.
Fixed an incorrect message “Incoming Connection Denied due to invalid code signature” being shown, usually for the process netbiosd.
Improved a confusing code signature mismatch message in connection alert when the bundle identifier of the connecting app changed.
When a rule is created using the connection alert’s “Deny Anyway” button (only shown in case of a code signature mismatch or an invalid code signature), that rule is now permanent instead of “Until Quit”.
Fixed an issue where a deny rule labelled “override due to code signature issue” could inadvertently be turned into a permanent allow rule.
Fixed a bug where the connection alert would show that an XPC process’ parent app had no code signature. This would happen when the parent app was already terminated at the time when the XPC process tried to establish a connection.
Other Bug Fixes and Improvements:
Fixed a rare crash of Little Snitch Network Monitor that could occur when an app would use a network socket in an unusual, but still correct way. This could happen when using the PS4 Remote Play app.
Fixed a kernel panic by making Little Snitch’s kernel extension more robust when other third party kernel extensions overwrite memory that belongs to Little Snitch.
Fixed a vulnerability where the process name in Little Snitch Configuration’s rule inspector could be constructed to execute as a shell command. Security impact: If users follow malicious instructions, they can enter a text string in Little Snitch Configuration which is unexpectedly executed in a shell under the user’s privileges. Not exploitable from remote or by local processes.
Fixed outdated message in installer log when boot cache update failed due to a full Recovery HD.
Improved detection of which app uses an XPC helper.
Fixed some unexpected but harmless messages from the kernel in the system log that would occur only on MacBook Pro with TouchBar.
Other, minor bug fixes.

New in Little Snitch 4.0.4 Build 5096 Nightly (Oct 21, 2017)

INTERNET ACCESS POLICY:
In Little Snitch 4 we’ve introduced a new Internet Access Policy (IAP) standard, allowing third party app developers to bundle a policy file with their application containing information about the Internet connections their program is about to establish.
This gives developers the opportunity to describe the purpose of these connections, why they are necessary and why it’s recommended or necessary to allow them.
With Little Snitch 4.0.4 we’ve extended the policy format to allow providing dedicated information about potential consequences when denying a particular connection.
Whenever you choose to deny a connection via Little Snitch —either in the connection alert or in Network Monitor — we now display that information helping you to make a better informed decision.
IAP IMPROVEMENTS:
It’s now possible to provide Internet Access Policy files not only for app bundles but also for plain Unix executable files.
Little Snitch now includes Internet Access Policies for several Apple processes shipped with macOS.
Fixed an issue with localized IAP files.
NETWORK MONITOR:
Blocked connections are now indicated in the map with a red flashing connection line.
Significantly improved performance when handling large amounts of connects.
Improved performance in case of large file downloads.
New action: “Show Recently Used Rule(s)”. Accessible by holding down the Option key while opening the context menu in Network Monitor.
Fixed an issue causing heavy flickering of the map during zooming or panning on macOS 10.13 High Sierra.
Fixed: The menu bar did not respond immediately after opening the Network Monitor window.
Fixed: Network Monitor no longer flashes connection lines that are currently invisible due to filtering.
The data rate display in the inspector pane now respects the Bits/s vs. Bytes/s user preference.
The experimental “Handle Connection Attempts in Monitor” preferences option has been removed.
GENERAL:
Improved handling and presentation of code signature issues.
Improved handling of XPC processes.
Improved help text of rule suggestions covering multiple connection attempts.
Improved handling of incoming ssh connections.
Improved handling of denied incoming connections.
Improved display of connection alerts on small displays.
Improved creation of diagnostics reports.
Improved protection against malware attempting to modify Little Snitch.
For improved privacy the Little Snitch configuration file is now saved in an encrypted format.
Added a preference option allowing to choose whether OpenVPN remote servers should be distinguished or not.
Added “Port 22 (SSH)” to the port popup list in the rule editor of Little Snitch Configuration.
Due to a bug in macOS, applications may hang for a while when they attempt to show animated graphics. Little Snitch detects when important components stop responding and used to generate diagnostics info. Since this further slowed down the machine, we no longer generate these diagnostics and simply restart the affected component.
Fixed a rare kernel panic.
Fixed an issue when choosing the “Once” option in the connection alert.
Fixed an issue related to handling connections via VPN.
Several other bug fixes and improvements.

New in Little Snitch 4.0.3 Build 5094 (Sep 25, 2017)

New in Little Snitch 4.0.3 Build 5089 Nightly (Sep 6, 2017)

New in Little Snitch 4.0.2 Build 5086 (Aug 8, 2017)

New in Little Snitch 4.0.1 Build 5082 (Jul 25, 2017)

General Improvements:
Improved Touch Bar support.
Improved handling of FTP connections.
Improved upgrade from version 3 to preserve an active Silent Deny Mode.
Domains and search-domains that are explicitly configured in macOS System Preferences > Network Preferences > Advanced > DNS are now considered.
Fixed some spelling errors, improved wording and localization.
Fixed a crash of Little Snitch Agent when turning off the Network Monitor while Silent Mode was active.
Fixed an issue when creating a new rule or profile in Little Snitch Configuration while the Known Networks window was open.
Fixed a possible kernel panic.
Many minor bug fixes.
For info on compatibility with macOS High Sierra (10.13) Beta please click here.
Connection Alert:
The connection alert now shows a warning when the connecting application is affected by Gatekeeper Path Randomization (which indicates that the app was not correctly installed).
The alert now also shows a plain text representation of internationalized domain names containing special characters which require encoding. This makes it possible to identify homograph domain name attacks.
It’s now possible to get the port and protocol specific option preselected in the connection alert (See Little Snitch Configuration > Preferences > Alert).
The connection alert now allows to create rules for an entire Content Delivery Network domain.
Fixed the ordering of minimized alerts: When maximizing the alert, the last minimized alert is opened first.
Menu Bar Icon:
Improved indication of active silent mode in menu bar.
The menu bar icon is now always shown while “Silent Mode — Deny Connections” is active, regardless of the “Show status in menu bar” preference option.
Network Monitor:
Added preferences option to show the Network Monitor when the mouse hovers the menu bar icon.
Added “Help” menu item.
Improved Top Countries summary statistics in Connection Inspector.
Fixed a bug where Network Monitor became unresponsive when Little Snitch Daemon crashed.
Fixed an issue causing Network Monitor to start with an empty list instead of showing the stored previous connections.

New in Little Snitch 4.0.1 Build 5079 Nightly (Jul 19, 2017)

New in Little Snitch 4.0.1 Build 5077 Nightly (Jul 13, 2017)

New in Little Snitch 4.0 Build 5075 (Jul 5, 2017)

OVERVIEW:
Overall modernized design of all UI components
Completely redesigned Network Monitor with map view for visualizing worldwide network connections based on their geographic location
Research Assistant accessible from Network Monitor and Little Snitch Configuration
New, redesigned Silent Mode
Connection alert can be minimized to defer the decision whether to allow or deny a connection
Improved DNS name based traffic filtering using Deep Packet Inspection
Code signature secured filter rules
Improved working with profiles
Automatic Silent Mode Switching
Priority Rules
Managed Rules
Touch Bar Support
DETAILS:
Completely redesigned Network Monitor:
The new map view in Network Monitor shows realtime information about all current and past network connections and their geographic location. It provides powerful filtering and selection options helping to assess particular connections based on the server’s location.
It’s now also possible to create and change rules with a single click right from within the Network Monitor. This is especially useful in conjunction with the new Silent Mode. You may run Silent Mode for a while, then later create rules for connections that occurred during that time (those connections are displayed with a blue Allow/Deny button).
An application’s connections shown in the connection list are now displayed grouped by domain, making it easier to create rules that match an entire domain instead of just a single host. But it’s still possible to drill down to the host-level of each connection.
The connection information is persisted across restarts of the application (i.e. logout/login or restarting the computer).
While the Network Monitor window is open, the app has a Dock icon and it’s shown in the Command-Tab app switcher of macOS.
A new “Since Timestamp” filter allows to temporarily clear the connection list, and to show only connections that occurred after the filter was turned on. The filter can be activated by choosing “Since Timestamp” from the filter menu in the search field, or by pressing Command-K.
You can choose between a light and a dark appearance of the Network Monitor window. The desired appearance can be selected in the View > Appearance menu in the menu bar.
Extended Research Assistant:
The Research Assistant is now also accessible from Network Monitor and from Little Snitch Configuration.
Third party developers can now bundle their apps with an Internet Access Policy file containing descriptions of all network connections that are possibly triggered by their app. Little Snitch will then display that information to users, helping them in their decision how to handle a particular connection. A description of the policy file format will be provided soon.
Redesigned Silent Mode:
The new Silent Mode is now tightly integrated with the Network Monitor. It can be used as an alternative to regular connection alerts, which some users may find too intrusive, especially after a fresh installation of Little Snitch with very few filter rules in place, causing connection alerts to appear quite often.
A recommended strategy for new users is to run Little Snitch in Silent Mode for a few days, allowing all connections (same as they did before, when Little Snitch wasn’t yet installed). After that time, all the connections that would have caused a connection alert are now listed in Network Monitor. They are marked with a blue Allow/Deny button. You can then quickly review all these connections, and create a set of rules that perfectly matches your needs based on the applications you use and the connections they make.
When Silent Mode is active, a user notification is shown when a connection got silently allowed or denied (only once per application). If you prefer completely silent operation, you can turn off these notifications in System Preferences > Notifications > Little Snitch Network Monitor.
Improved Connection Alert:
In Little Snitch Preferences > Connection Alert you can now choose the options that shall be preselected when a new connection alert is shown.
It’s now possible to choose if the created rule shall be effective in the current profile or in all profiles.
The details sections now shows code signature information for the connecting process.
The Connection Alert now offers an “Only local network” option if a connection attempt was made to an address in the local network.
Minimizing the Connection Alert:
Another way of dealing with unwanted interruptions caused by a connection alert is the new ability to minimize the alert window. Instead of confirming a connection alert immediately, you can minimize it into a small overlay window and postpone the decision whether to allow or deny the connection.
The context menu of a minimized connection alert offers a “Keep minimized” option. Subsequent connection attempts will then also be collected in the minimized overlay window. A counter shows the number of pending connection attempts.
Once you are in the mood for dealing with these requests you can click on the overlay to reopen the connection alert.
Alternatively you can right click the minimized connection alert to reopen the alert for a particular connection attempt (in case there’s more than one) or to open the Network Monitor for handling all pending connections there instead.
The Network Monitor shows such pending connections with yellow, pulsating Allow/Deny buttons, indicating that these connections are actually stalled, waiting for you to make a decision.
Improved DNS Name Based Traffic Filtering:
The network filter now performs Deep Packet Inspection instead of the previous IP address based filtering. This results in much more precise filter matching, especially in those cases where one and the same IP address is possibly associated with multiple hostnames (e.g. google.com vs. googleanalytics.com)
Code signature secured filter rules
The code signature of the connecting processes is now taken into account. If a rule was created for a process with a valid code signature, that rule will no longer match if the signature changes or becomes invalid. This prevents malicious software from hijacking existing rules.
Each rule now provides a “Requires valid code signature” option in the rule editor sheet in Little Snitch Configuration. This option is turned on by default.
When the code signature of a connecting process is invalid, the connection alert now offers additional options for dealing with this situation. In that case the automatic confirmation of the connection alert is suppressed.
Here are a few examples of possible scenarios:
The connecting process does not have a code signature at all.
The connecting process has a code signature by its developer, but it was modified either on disk or in memory.
A process tries to establish a connection that’s covered by an existing rule, but the code signature of the running process does not match what the rule requires.
Depending on the severity of the issue, the connection alert only shows a warning but lets you create rules as usual, or it shows a detailed description of what is going on, explains what you can do about it and only lets you create a new rule – or modify existing rules, if appropriate – after an additional confirmation.
Creating and inspecting rules in Little Snitch Configuration is also improved in regard to code signature. The info sidebar shows whether a rule requires a valid code signature and a new suggestions filter lists all rules that could require a code signature from their processes but currently don’t.
Improved Working With Profiles:
The connection alert now provides an option to specify whether a rule shall be created in the current profile or if it shall be effective in all profiles.
The new Automatic Silent Mode Switching option (configurable in Little Snitch Configuration) now lets you associate a profile with a particular Silent Mode. Whenever the profile gets activated, the corresponding Silent Mode Switching is performed.
For example, you might create a “Presentation” profile (for being used while making a Keynote presentation) that automatically turns on Silent Mode in order to prevent connection alerts from appearing during the presentation.
Improved UI for managing profiles in Little Snitch Configuration. Profiles are now created and edited in a modal editor sheet. In this sheet you can assign networks for Automatic Profile Switching, configure Silent Mode Switching, rename and activate the profile.
Priority Rules:
In Little Snitch 3, the priority of a rule was implicitly raised when the rule was moved to a profile.
In Little Snitch 4 a rule’s priority can now be defined separately for each individual rule, independent from its profile.
The priority of a rule can be changed in Little Snitch Configuration by choosing Increase/Decrease Priority from the rule’s contextual menu. Rules with increased priority are indicated with bold text.
As a general rule of thumb it’s recommended to use priority rules only sparingly, in those cases where it’s absolutely necessary in order to make a rule win against other competing rules.
In most cases, the automatic precedence ordering of rules (where more specific rules take precedence over more general ones) is sufficient for achieving the desired rule matching behavior — for example, if you have a more general rule that allows all connections to an entire domain, and another, more specific rule, that denies connections to a particular host within that domain.
An existing ruleset from Little Snitch 3 will be automatically converted. Rules that are associated with a profile (which had an implicitly raised priority before) will get the new high priority option set automatically, but only in those cases where that’s actually necessary.
Automatic ruleset analysis detects rules whose priority has been unnecessarily increased. This helps to figure out, if a rule’s priority has actually an effect on its overall precedence in relationship to other rules — in other words, if raising its priority is necessary at all.
Rules with an unnecessary priority are marked with a blue or gray exclamation mark triangle. The blue triangle indicates that the priority is completely unnecessary and can be removed. The gray triangle indicates that the priority will become unnecessary as soon as the unnecessary priority of other rules got removed.
When a priority rule is selected, rules that are affected by the priority of this rule are marked with a light blue background color. If no such affected rule exists, the priority of this rule is unnecessary and the rule marked with a blue triangle.
Managed Rules:
To avoid a vast numbers of connection alerts from appearing when using common macOS and iCloud services, Little Snitch now provides preconfigured rulesets for these usage areas. They can be turned on in Little Snitch Configuration > General. These rules will we be kept up to date with future updates of Little Snitch.

New in Little Snitch 4.0 Build 5070 Beta 2 (Jun 28, 2017)

New in Little Snitch 4.0 Build 5068 Beta 1 (Jun 17, 2017)

New in Little Snitch 3.7.4 Build 4728 (Apr 3, 2017)

New in Little Snitch 3.7.3 Build 4726 (Feb 6, 2017)

New in Little Snitch 3.7.2 Build 4724 (Jan 4, 2017)

New in Little Snitch 3.7.1 Build 4722 (Dec 7, 2016)

New in Little Snitch 3.7.1 Build 4720 Nightly (Nov 4, 2016)

New in Little Snitch 3.7 Build 4718 (Sep 14, 2016)

New in Little Snitch 3.7 Build 4710 Nightly (Jul 20, 2016)

New in Little Snitch 3.6.4 Build 4370 (Jul 20, 2016)

New in Little Snitch 3.7 Build 4706 Nightly (Jun 17, 2016)

New in Little Snitch 3.7 Build 4702 Nightly (Jun 17, 2016)

New in Little Snitch 3.6.3 Build 4362 (Jan 31, 2016)

New in Little Snitch 3.6.2 Build 4360 (Jan 29, 2016)

New in Little Snitch 3.6.2 Build 4358 Nighlty (Dec 4, 2015)

New in Little Snitch 3.6.1 Build 4356 (Nov 25, 2015)

New in Little Snitch 3.6.1 Build 4356 RC (Nov 19, 2015)

New in Little Snitch 3.6.1 Build 4354 Pre-release (Oct 20, 2015)

New in Little Snitch 3.6 Build 4352 (Sep 27, 2015)

New in Little Snitch 3.6 Build 4350 Pre (Aug 20, 2015)

New in Little Snitch 3.6 Build 4348 Pre (Jun 23, 2015)

New in Little Snitch 3.5.3 Build 4246 (May 28, 2015)

New in Little Snitch 3.5.2 Build 4240 (Mar 27, 2015)

New in Little Snitch 3.5.2 Build 4236 Pre (Jan 24, 2015)

New in Little Snitch 3.5.1 Build 4234 (Jan 7, 2015)

New in Little Snitch 3.5.1 Build 4233 Pre (Dec 23, 2014)

New in Little Snitch 3.5.1 Build 4231 Pre (Nov 28, 2014)

New in Little Snitch 3.5 Build 4228 (Nov 18, 2014)

New in Little Snitch 3.5 Build 4226 Pre (Nov 4, 2014)

New in Little Snitch 3.5 Build 4222 Pre (Oct 20, 2014)

New in Little Snitch 3.4.2 Build 4216 (Oct 17, 2014)

New in Little Snitch 3.5 Build 4221 Pre (Oct 17, 2014)

New in Little Snitch 3.4.1 Build 4214 (Oct 8, 2014)

New in Little Snitch 3.4 Build 4212 (Sep 24, 2014)

New in Little Snitch 3.4 Build 4210 Pre (Sep 16, 2014)

New in Little Snitch 3.4 Build 4205 Pre (Aug 11, 2014)

New in Little Snitch 3.3.4 Build 4098 (Jul 24, 2014)

New in Little Snitch 3.4 Build 4202 Pre (Jul 23, 2014)

New in Little Snitch 3.3.3 Build 4096 (Jul 23, 2014)

New in Little Snitch 3.3.2 Build 4094 (Jun 5, 2014)

New in Little Snitch 3.3.1 Build 4092 (May 12, 2014)

New in Little Snitch 3.3 Build 4050 (Oct 10, 2013)

New in Little Snitch 3.1.1 Build 3932 (Jun 18, 2013)

New in Little Snitch 3.1 Build 3926 (Apr 29, 2013)

New in Little Snitch 3.0.4 Build 3916 (Mar 27, 2013)

New in Little Snitch 3.0.3 Build 3908 (Feb 27, 2013)

New in Little Snitch 3.0.2 Build 3894 (Dec 7, 2012)

New in Little Snitch 3.0.1 Build 3883 (Nov 1, 2012)

New in Little Snitch 3.0.3876 (Sep 25, 2012)

Overview:
Brand new Network Monitor
Firewall for incoming connections
Profiles
Silent Mode
Simplified Connection Alert
Research Assistant for connection attempts
Redesigned Configuration Interface
Ruleset Analyzer and sorting by precedence
Rule Suggestions
Domain based rules via Connection Alert
More powerful rules (ask-option, time limits, multiple destinations)
Improved menu bar item
Optimized for MacBook Pro with Retina display
New app icon designed by The Iconfactory
Network Monitor:
Get an overview of network traffic
Traffic Diagram
Visual representation of traffic amounts over time.
Highlighting of system events (application launched, application terminated, computer sleep, …)
Display data rates on logarithmic or linear scale.
Zoom into time ranges of choice.
Supports multi-touch gestures for scrolling and zooming.
Selecting in the traffic view causes connection list to only show applications that where active (caused traffic) during that time.
Powerful sorting options (last activity, total traffic amount, process name, server name, …)
Save snapshots to investigate connection details at any later point of time.
Capture traffic of certain applications as .pcap file to open it with packet analyzer tools (such as Wireshark or Cocoa Packet Analyzer).
Easily create rules from context menu.
Show denied connection attempts.
List other hostnames resolving to same IP address.
Highlight corresponding rule in Configuration to find out which rule was responsible for allowing / denying this connection.
Search Field Tokens – Use keywords (process, server, host, ip, protocol, port or status) to filter your connection list.
Network Monitor Inspector.
Further details of selected connection entries.
Displays information about the process, server identification (hostnames, IP address), connection statistics (ports, traffic amounts, time of first / last activity, …).
Connection inspector now shows all information suitable for a search in the connection list as roll-over button so that a search can be started simply by clicking.
Connection Alerts:
Simplified Connection Alert – choose your preferred level of detail.
More versatile temporary rules: Until Quit, Until Logout, Until Restart, For [n] Minutes, etc.
Creation of domain rules.
Select other hostnames resolving to same IP address to create a rule for.
Research Assistant:
New Research Assistant for Connections. Little Snitch’s Connection Alert now has a help button. Clicking the button triggers a query to the Research Assistant Database (maintained by Objective Development) and displays information about the current connection attempt.
Users can improve the information returned by submitting feedback directly from the Connection Alert. This data is sent anonymously and will be reviewed by Objective Development.
Configuration:
Powerful new interface.
Manage profiles
Create or delete profiles.
Easily add rules to profiles via Drag&Drop.
Enable profiles by double-clicking on a profile in the sidebar.
Sidebar including
Rule Filters (Last 24 Hours, Temporary Rules, Unapproved Rules, …)
Rule Suggestions.
Profiles.
Ruleset Analyzation
Detection of redundant rules.
Highlighting of redundant / covered rules, to easily see which rules are obsolete.
Sort list of rules by process name, rule precedence or creation date.
Improved search
Narrow search scope to process, rule, enclosing folders, bundle identifier, notes.
Search results now include related rules as well.
Backups of rule archives (e.g. Time Machine) can be restored via Little Snitch Configuration.
Fullscreen support.
Suggestions:
Little Snitch offers rule suggestions based on Silent Mode connections, former, already expired temporary rules, login connections and more.
Rule suggestions can easily be converted into permanent rules.
Rule suggestions can be grouped by their common properties (process, port, host, domain) – Easily create rules that cover most typical connections for certain processes.
Menu Bar Item:
Revised Design.
Monochrome or colored Icon.
Optionally displays current data rates as numerical values.
Access to important settings.
Switch between Profiles quickly.
Enable or disable Silent Mode quickly.
Further Improvements:
In order to support multiple simultaneous logins, processes are distinguished by the user account that started the process. Rules can be created so that they apply to processes running on behalf of the current user, on behalf of a system account such as root, or on behalf of any account.
When no user is logged in, all connections which are not covered by an existing rule are automatically denied. Rule suggestions are created for these connections and can be reviewed in Little Snitch Configuration.
If you can’t login without network access (e.g. network accounts), the system can be restarted in Permissive Mode where all connections are allowed before the first user logs in. Allow-rules are automatically created so that future logins succeed. Permissive mode is also used during the first restart after installation, but not after upgrades.
All components are code-signed.
Changes since Release Candidate (3871):
Help is now available for Little Snitch.
Fixed an issue where Ask-Rules could cause a Connection Alert to be shown even in Silent Mode.
Fixed a bug where the Connection Alert wrongly indicated that the process terminated.
Fixed an issue where rules created from the Connection Alert were for process owner “System” instead of the current user.
Connection Alert now honors modifier keys that were held before the alert was shown.
Fixed unexpected change of filter scope when creating rules from rule suggestions.
Fixed potential crash of Little Snitch Network Monitor when deleting connections from the list.
Little Snitch Network Monitor can now be activated with LaunchBar. Simply add /Library/Little Snitch/Little Snitch Network Monitor.app to LaunchBar’s index.

New in Little Snitch 3.0.3871 RC (Sep 7, 2012)

New in Little Snitch 2.5.4 (Aug 28, 2012)

New in Little Snitch 3.0.3864 Preview 4 (Aug 21, 2012)

New in Little Snitch 3.0.3862 Preview 3 (Aug 18, 2012)

New in Little Snitch 3.0.3857 Preview 2 (Aug 2, 2012)

New in Little Snitch 3.0.3854 Preview (Jul 18, 2012)

OVERVIEW:
Brand new Network Monitor
Firewall for incoming connections
Profiles
Silent Mode
Simplified Connection Alert
Redesigned Configuration Interface
Ruleset Analyzer
Rule Suggestions
Sort Rules by Precedence
Domain based rules via Connection Alert
System Process Rules
Ask Rules
Versatile temporary rule options
Rules matching multiple destinations
Improved status menu
Gatekeeper ready
New app icon designed by Iconfactory
NETWORK MONITOR:
Get an overview of network traffic
Powerful sorting options (last activity, total traffic amount, process name, server name, …)
Save snapshots to investigate connection details at any later point of time.
Capture traffic of certain applications as .pcap file to open it with packet analyzer tools (such as Wireshark or Cocoa Packet Analyzer).
Easily block connections from context menu.
Show denied connection attempts
List other hostnames resolving to same IP address
Highlight corresponding rule in Configuration to find out which rule was responsible for allowing / denying this connection.
Traffic Diagram:
Visual representation of traffic amounts over time.
Highlighting of system events (application launched, application terminated, computer sleep, …)
Display data rates on logarithmic or linear scale.
Zoom into time ranges of choice.
Network Monitor Inspector:
Further details of selected connection entries
Displays information about the process, server identification (hostnames, IP address), connection statistics (ports, traffic amounts, time of first / last activity, …).
CONNECTION ALERTS:
Simplified Connection Alert – choose your preferred level of detail
More versatile temporary rules: Until Quit, Until Logout, Until Restart, For [n] Minutes, etc.
Creation of domain rules
Select other hostnames resolving to same IP address to create a rule for.
CONFIGURATION:
Powerful new interface
Fullscreen support
Sort list of rules by process name, rule precedence or creation date
Manage profiles:
Create or delete profiles
Easily add rules to profiles via Drag&Drop
Enable profiles by double-clicking on a profile in the sidebar.
Sidebar including:
Rule Filters (Last 24 Hours, Temporary Rules, Unapproved Rules, …)
Rule Suggestions
Profiles
Ruleset Analyzation:
Detection of redundant rules
Highlighting of redundant / covered rules, to easily see which rules are obsolete.
Improved search:
Define search scope to process, rule, enclosing folders, bundle identifier, notes.
Search results now include involved rules as well
SUGGESTIONS:
Little Snitch offers rule suggestions based on Silent Mode connections, former, already expired temporary rules, login connections and more.
Rule suggestions can easily be converted to permanent rules.
Rule suggestions can be grouped by their common properties (process, port, host, domain) – Easily create rules that cover most typical connections for certain processes.
MENUBAR ITEM:
Monochrome or colored Icon
Access to important settings
Quickly enable a certain profile
Quickly enable / disable Silent Mode
FURTHER IMPROVEMENTS:
In order to support multiple simultaneous logins, processes are distinguished by the user account that started the process. Rules can be created so that they apply to processes running on behalf of the current user, on behalf of a system account such as e.g. root, or on behalf of any account.
When no user is logged in, all connections which are not covered by an existing rule are automatically denied. Rule suggestions are created for these connections and can be reviewed in Little Snitch Configuration.
If you can’t login without network access (e.g. network accounts), the system can be restarted in Permissive Mode where all connections are allowed before the first user logs in. Allow-rules are automatically created so that future logins succeed. Permissive mode is also used during the first restart after installation, but not after upgrades.