Products Little Snitch Micro Snitch LaunchBar Internet Access Policy Viewer More Products Blog Shop Support Jobs

Help for Little Snitch

Expand all topics Collapse all topics

Please visit the Little Snitch Support page and enter your email address to retrieve your lost license key. Little Snitch Support > Lost License

Little Snitch license keys can be distinguished by their first two characters:

  • Little Snitch 5 license keys begin with “35…”

  • Little Snitch 4 license keys begin with “34…”.
    If the license was purchased after November 1, 2019, it’s also valid for version 5.

  • Little Snitch 3 license keys begin with “33…”

  • Little Snitch 2 license keys begin with “32…”

If you have a question or a problem related to your order, please contact our sales support team.

Delivering of the license key may take up to 15 minutes. Please also make sure the email is not in your spam folder. If you still did not receive the license key please contact our sales support team.

If you have purchased Little Snitch after November 1, 2019, you can already use that license to register Little Snitch 5 (no upgrade purchase required).

If you have purchased Little Snitch 4 before that date, you can get the upgrade at a reduced price.

Just buy a license for Little Snitch 5. This license is also valid for Little Snitch 4.

A single license is valid for all your machines as long as you are the only user.

Of course! A family license is valid for up to five computers, used by people living in the same household.

The number of required seats is either the number of computers or the number of persons using these computers — whichever number is lower. For example, an office with five employees and eight computers would need a 5-seat license to use Little Snitch on all computers.

Yes, student discounts for Little Snitch are available at the Student App Centre website.

Assuming you’ve downloaded the Little Snitch Disk Image (.dmg file) to your Downloads folder, open a new Terminal window and enter the following command to verify the cryptographic signature of the downloaded file:

codesign --verify -R="anchor apple generic and certificate leaf[subject.OU] = MLZF7K7B5R" ~/Downloads/LittleSnitch*.dmg

If the result of this command is empty (no error message is shown), the file is intact and properly signed by Objective Development.

However, if an error message is shown (like “not signed at all” or “failed to satisfy specified code requirement(s)”), this indicates that the file was maliciously modified and is no longer signed by Objective Development. In that case you should NOT open the disk image file.

No, that’s not necessary and also not recommended (because this also removes your registration information).

However, your installed Little Snitch 4 version will then no longer be loaded on macOS Big Sur and must be upgraded to Little Snitch 5.

→ Download Little Snitch 5 for macOS Big Sur

When you upgrade to Little Snitch 5, the existing, outdated installation will be automatically removed (this requires a restart of the computer for one last time).

Your existing rules and settings from Little Snitch 4 will be preserved.

Yes, your existing rules from Little Snitch 4 will be preserved.

Little Snitch 4 should not be uninstalled prior to upgrading to macOS Big Sur to preserve your rules and your registration information.

Please visit our High Sierra Compatibility page for information about installing and running Little Snitch 4 on macOS High Sierra.

Little Snitch consists of multiple components. It is therefore essential to run the Little Snitch Uninstaller to make sure all components are removed from your system. Little Snitch automatically starts the uninstaller as soon as you move the Little Snitch Configuration application to the trash. Alternatively you can start the uninstaller manually from /Library/Little Snitch/Little Snitch Uninstaller.app.

The uninstaller lets you choose whether to remove or preserve user specific data (like rules and settings). If you want to remove those items manually, delete the following files and folders (the “~” tilde sign refers to your home folder):

  • /Library/Application Support/Objective Development/Little Snitch/

  • ~/Library/Application Support/Little Snitch/

  • ~/Library/Preferences/at.obdev.LittleSnitchConfiguration.plist

  • ~/Library/Preferences/at.obdev.LittleSnitchNetworkMonitor.plist

  • ~/Library/Preferences/at.obdev.LittleSnitchInstaller.plist

Just move the Little Snitch application in Finder from your Applications folder to the trash.

This will completely remove all components of Little Snitch, including all its system extensions and helper tools.

IMPORTANT: Do not remove the Little Snitch app by any other means (like Terminal or some third party app-removal tool) because otherwise macOS won’t remove the Little Snitch system extension!

Your configuration data (which is stored at /Library/Application Support/Objective Development/Little Snitch) will not be deleted. So if you decide to reinstall Little Snitch at a later point, your rules and preferences will still be in place.

Yes. Please retrieve one of the following files from your backup:

  • Complete Ruleset: /Library/Application Support/Objective Development/Little Snitch/configuration.xpl

  • User Specific Ruleset: ~/Library/Application Support/Little Snitch/configuration.user.xpl

You can then restore your rule from that file via Little Snitch Configuration > File > Restore from Backup.

Starting with macOS 10.12 Sierra it’s possible to arrange third-party menu bar icons via Command-drag (hold down the Command key and drag the item to the desired position).

In previous OS versions, third-party menu bar icons are at fixed positions and can’t be moved. Third-party tools like Bartender make it possible to arrange the items also in OS versions before 10.12 but for security reasons Little Snitch can not be used with such tools.

If you just want to save space in your menu bar you can simply turn off Little Snitch’s menu bar icon. The functions in it can also be accessed in the Little Snitch Configuration application’s preferences and you can open the Network Monitor window also via a configurable keyboard shortcut.

Open Little Snitch Configuration and choose File > Create Backup from the menu. This will create a backup file at the location of your choice. You can restore your rules from that file later via File > Restore from Backup.

By default, local network traffic is hidden in Little Snitch Network Monitor. If you want to see this traffic as well, you just have to enable “Show Local Network” in the Little Snitch Network Monitor menu.

This is a technical limitation of Apple Maps, the service that we are using for showing the map in Network Monitor. Apple’s Maps.app has the same limitation and doesn’t let you zoom out far enough to see a map of the whole world at once.

Open the Little Snitch application from your Applications folder, open Preferences > General and click the Stop button to turn off the Network Filter. Any network traffic will then be allowed, such as if Little Snitch wasn’t installed at all. If you are using the Little Snitch menu bar icon, you can also stop the filter by choosing “Stop Network Filter” from the menu.

Since version 3 Little Snitch can also handle and filter incoming connections. They are labeled with this icon:

Incoming Connection Icon

No, sorry, this is currently not possible.

Update: Apple has already fixed this bug in macOS Big Sur 11.1 beta, released on November 18th.

When one of the following apps is started while the Little Snitch Network Extension is active, macOS Big Sur 11.0.1 may freeze and restart with a kernel panic. Most of these panics were fixed on Big Sur 11.1, but not all.

  • Wine (Windows emulator) and apps based on Wine.

  • Plex Media Server.

  • macports (during package list update). This panic may still happen on Big Sur 11.1.

  • Possibly others (please let us know)

The panic seems to be triggered by a broadcast message. The panic log reads like this:

panic(cpu 4 caller 0xffffff80092bfb71): assertion failed: (MBUFQ_EMPTY(&cfq->q_mq) && cfq->q_start == cfq->q_end) || (!MBUFQ_EMPTY(&cfq->q_mq) && cfq->q_start != cfq->q_end), file: /AppleInternal/BuildRoot/Library/Caches/com.apple.xbs/Sources/xnu/xnu-7195.50.7/bsd/net/content_filter.c, line: 1089

or

panic(cpu 8 caller 0xffffff8003753a13): userspace watchdog timeout: no successful checkins from com.apple.remoted in 180 seconds

or

panic(cpu 1 caller 0xffffff80015e496e): "Releasing non-exclusive RW lock without a reader refcount!"@/AppleInternal/BuildRoot/Library/Caches/com.apple.xbs/Sources/xnu/xnu-7195.50.7/osfmk/i386/locks_i386.c:1335

These panics are a bug in kernel of the operating system and can only be fixed by Apple.

There are several possible causes for such behavior of Little Snitch.

First of all you really need to make sure that you have set the lifetime for the rule to “Forever“ when creating it (as opposed to “Once“, or “Until Quit“ etc.)

Then it’s also necessary that the path of the application (where it resides on your disk) remains unchanged. If you move an app to a different folder, the rules you created earlier for this app will cease to match.

Unfortunately the path of an application can also change without your explicit doing. If the path displayed in Little Snitch’s Network Alert contains parts like /private/var, it’s likely that the issue is related to the “Gatekeeper” functionality of macOS. See this blog post for further details.

Make sure to use a keyboard that’s directly connected to your computer (cable or Bluetooth). Changing the settings or entering the license key via any kind of remote access (e.g. Screen Sharing) will not work with the default security settings of Little Snitch.

Please check the order of your preferred languages in System Preferences > Language & Region and make sure that English is further up in the list than German. After a restart Little Snitch should then be localized in English.

Valid license keys for Little Snitch 4 start with “34…”, keys for version 3 start with “33…”. They are about 25 characters long.

When entering the license key, please copy and paste the key to avoid typos. If it still does not work, please contact our sales support team.

Little Snitch consists of multiple parts, some of them operating at a low level of the operating system, called the kernel. Little Snitch needs to trigger an update of kernel caches and requires a reboot during installation. Under rare circumstance this kernel cache update might fail, which may prevent your computer from starting.

If this happens during the installation of Little Snitch on your computer, please start it in safe mode by holding the Shift key (⇧) (you can find more information about safe mode here). If you are using OS X Yosemite or earlier, please repair your disk permissions using Disk Utilities.app (for detailed instructions see How & Why to repair disk permissions in OS X). As second step, start the Little Snitch Installer once again and perform a restart as instructed.

Usually this solves the issue. If you are still unable to start your computer, please get in touch with our tech support team.

Whenever Little Snitch blocks a particular connection, this is indicated in realtime in Little Snitch Network Monitor by a red flashing of that connection. You can right-click on such a connection and choose “Show Corresponding Rule” from the context menu to open the Little Snitch rules window and focus on the rule that’s responsible for this connection being denied.

At least one component of Little Snitch has not been updated correctly and most likely this is related to an issue with the kernel cache. As Little Snitch consists of multiple parts (including a kernel extension) it is necessary to update the kernel cache after the installation. Updating the kernel cache might reveal issues with third-party extensions. Please try to restart the system, run the Little Snitch Installer again. If the issue persists please generate a diagnostics report and contact our tech support team.

Little Snitch ignores simulated keystrokes and mouse clicks to make sure that malicious software cannot change your firewall settings by simulating user interaction.

Unfortunately this also affects software that allows you to access your Mac remotely (like TeamViewer, RealVNC, etc).

If you do need remote access Little Snitch, you have to enable the “Allow GUI Scripting access to Little Snitch” option in Little Snitch Configuration > Preferences > Security.

Prey is installed under a separate user account (user: ‘prey’) on the system. In order to access its Little Snitch rules you have to open the Little Snitch Configuration as the user ‘prey’ by entering the following Terminal command (/Applications/Utilities/Terminal.app) and pressing Return:

sudo -u prey /Applications/Little\ Snitch\ Configuration.app/Contents/MacOS/Little\ Snitch\ Configuration

After entering your admin password when prompted, you should be able to see the Little Snitch Configuration window with one or more rule suggestion(s) for the Prey process named “node“ in the Suggestions > “Login Connections“ category. Select one of the rules and click on the “More“ button at the top right of the suggestions list. In the appearing popup menu choose “Allow any connection“. After closing the Little Snitch Configuration and restarting your system, all connections for Prey will be allowed.

Little Snitch cannot stall certain kinds of incoming connections or data. Please see Little Snitch help, chapter “Incoming connections” for more information.

To make sure you don’t miss any new versions that contain the latest bug fixes and improvements, you cannot disable these checks. This is critical because prerelease versions are not considered stable and still need testing before we’re confident in releasing them to all users.

If you want to downgrade from a prerelease version to the latest stable version, you can do so by downloading it from the website.

This is due to a limitation in Apple’s Network Extension API, which surprisingly whitelists a number of system services like Maps, FaceTime, App Store or Software Update and therefore doesn’t report the network activity of these services to third-party application firewalls.

The use of this new API is now mandatory for third-party developers on macOS Big Sur, because Apple no longer supports the previous kernel extension based approach, which didn’t suffer from this limitation.

We’ve been investigating a solution in Little Snitch to make these whitelisted connections visible by means of alternative techniques. This solution is already available in our latest nightly build of Little Snitch 5.1.

There’s an ongoing discussion about this problem in various online media, and we assume that Apple will address these concerns in a future macOS update. See our blog article to learn more about this topic.

UPDATE: This issue has been resolved in macOS Big Sur 11.2. Apple has removed this whitelist completely, allowing third-party firewalls like Little Snitch to reliably monitor and filter any network traffic.

Up until macOS 11.1 the whitelist inlcudes the following macOS processes:

/System/Applications/App Store.app/Contents/MacOS/App Store
/System/Library/CoreServices/cloudpaird
/System/Library/CoreServices/mapspushd
/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated
/System/Library/Frameworks/Accounts.framework/Versions/A/Support/accountsd
/System/Library/Frameworks/CoreTelephony.framework/Support/CommCenter
/System/Library/PrivateFrameworks/ApplePushService.framework/apsd
/System/Library/PrivateFrameworks/AppStoreDaemon.framework/Support/appstoreagent
/System/Library/PrivateFrameworks/AppStoreDaemon.framework/Support/appstored
/System/Library/PrivateFrameworks/AssetCacheServices.framework/Versions/A/XPCServices/AssetCacheLocatorService.xpc/Contents/MacOS/AssetCacheLocatorService
/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd
/System/Library/PrivateFrameworks/CloudKitDaemon.framework/Support/cloudd
/System/Library/PrivateFrameworks/CommerceKit.framework/Resources/commerced
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/commerce
/System/Library/PrivateFrameworks/CoreLSKD.framework/Versions/A/lskdd
/System/Library/PrivateFrameworks/CoreParsec.framework/parsecd
/System/Library/PrivateFrameworks/CoreSpeech.framework/corespeechd
/System/Library/PrivateFrameworks/DistributedEvaluation.framework/Versions/A/XPCServices/com.apple.siri-distributed-evaluation.xpc/Contents/MacOS/com.apple.siri-distributed-evaluation
/System/Library/PrivateFrameworks/FamilyCircle.framework/Versions/A/Resources/familycircled
/System/Library/PrivateFrameworks/FamilyNotification.framework/FamilyNotification
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
/System/Library/PrivateFrameworks/HomeKitDaemon.framework/Support/homed
/System/Library/PrivateFrameworks/IDS.framework/identityservicesd.app/Contents/MacOS/identityservicesd
/System/Library/PrivateFrameworks/IDSFoundation.framework/IDSRemoteURLConnectionAgent.app/Contents/MacOS/IDSRemoteURLConnectionAgent
/System/Library/PrivateFrameworks/IMCore.framework/imagent.app/Contents/MacOS/imagent
/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent
/System/Library/PrivateFrameworks/IMTransferServices.framework/IMTransferAgent.app/Contents/MacOS/IMTransferAgent
/System/Library/PrivateFrameworks/MapsSuggestions.framework/MapsSuggestions
/System/Library/PrivateFrameworks/MapsSupport.framework/MapsSupport
/System/Library/PrivateFrameworks/MediaStream.framework/MediaStream
/System/Library/PrivateFrameworks/MusicLibrary.framework/MusicLibrary
/System/Library/PrivateFrameworks/PassKitCore.framework/passd
/System/Library/PrivateFrameworks/ProtectedCloudStorage.framework/Helpers/ProtectedCloudKeySyncing
/System/Library/PrivateFrameworks/SyncedDefaults.framework/Support/syncdefaultsd
/System/Library/TextInput/kbd
/usr/libexec/coreduetd
/usr/libexec/diagnosticd
/usr/libexec/findmydeviced
/usr/libexec/fmfd
/usr/libexec/locationd
/usr/libexec/mdmclient
/usr/libexec/mobileactivationd
/usr/libexec/mobileassetd
/usr/libexec/networkserviceproxy
/usr/libexec/rtcreportingd
/usr/libexec/secd
/usr/libexec/siriknowledged
/usr/libexec/swcd
/usr/libexec/tailspind
/usr/libexec/teslad
/usr/libexec/timed
/usr/libexec/trustd
/usr/sbin/securityd
com.apple.facetime

When a process attempts to connect to a particular IP address, Little Snitch uses a heuristics (based on previous DNS lookups, Deep Packet Inspection and more) to determine the corresponding hostname for that IP address to figure out which of your filter rules shall be applied.

In some rare cases this approach may be unable to find a unique hostname match for a given address. The connection alert will then only show the IP address for that connection, often together with a list of possible hostnames which all resolve to that same address.

Some users are experiencing very high memory usage (up to several GB of RAM) in some components of Little Snitch (Network Extension, Network Monitor, Endpoint Security). We are currently investigating the cause of this problem.

If you do experience this issue, please quit the affected process via Activity Monitor.

Note that quitting the Network Extension may cause some subsequent connection alerts to show only the connection’s IP address instead of the hostname.

Yes, Little Snitch 5 is available as a universal binary that runs on both Apple silicon and Intel-based Mac computers.

→ Download Little Snitch 5

Yes, Little Snitch 5 or newer is compatible with macOS 11 Big Sur.

→ Download Little Snitch 5

Yes, Little Snitch 4.4 up to version 4.6 is compatible with macOS 10.15 Catalina.

Important Note
Little Snitch 5 requires macOS 11 Big Sur and therefore can not be installed on macOS Catalina.

→ Download Little Snitch 4.6

Little Snitch 4.5.2 is the latest version compatible with macOS 10.14 Mojave.

→ Download Little Snitch 4.5.2

Little Snitch 4.5.2 and 3.8.2 are the latest versions compatible with macOS 10.13 High Sierra.

→ Download Little Snitch 4.5.2

→ Download Little Snitch 3.8.2

Little Snitch 4.5.2 and 3.8.2 are the latest versions compatible with macOS 10.12 Sierra.

→ Download Little Snitch 4.5.2

→ Download Little Snitch 3.8.2

Little Snitch 4.5.2 and 3.8.2 are the latest versions compatible with OS X 10.11 El Capitan.

→ Download Little Snitch 4.5.2

→ Download Little Snitch 3.8.2

Little Snitch 3.8.2 is the latest versions compatible with OS X 10.10 Yosemite.

→ Download Little Snitch 3.8.2

Little Snitch 3.6.4 is the latest versions compatible with OS X 10.9 Mavericks.

→ Download Little Snitch 3.6.4

Little Snitch 3.3.4 is the latest version compatible with OS X 10.8 Mountain Lion.

→ Download Little Snitch 3.3.4

Little Snitch 3.3.4 is the latest version compatible with OS X 10.7 Lion.

→ Download Little Snitch 3.3.4

Little Snitch 3.3.4 is the latest version compatible with OS X 10.6 Snow Leopard.

→ Download Little Snitch 3.3.4

Legacy versions of Little Snitch provide support back to OS X 10.2 Jaguar.

→ Download Legacy version of Little Snitch

Older versions of Little Snitch can be found on this page. Please try to use the most recent version of Little Snitch that supports your operating system.

Unfortunately Apple’s regulations and submission guidelines do not allow applications like Little Snitch that operate on the system level on the iOS (iPhone, iPad, iPod touch), tvOS (Apple TV), or watchOS (Apple Watch) platforms.

Our entire team consists of longtime macOS developers and we love the Mac platform. It is therefore very unlikely that a version for a different platform will be available in the near future.

Only partially. The NVIDIA Web Drivers (as opposed to the original drivers provided by Apple) need to inject program code into running apps and Little Snitch (as some other apps like iBooks) do not allow that for security reasons. Therefore the Little Snitch Network Monitor can not show its inspector and map view.

Legacy System Extension – Existing software on your system loaded a system extension signed by “Objective Development Software GmbH” which will be incompatible with a future version of macOS. Contact the developer for support.

Starting with macOS 10.15.4 the above “Legacy System Extension” message is shown when Little Snitch is installed.


Is there an update of Little Snitch that’s compatible with macOS 11 Big Sur?

Yes. The latest version 5 of Little Snitch is fully compatible with macOS 11 Big Sur. → Learn more…

Will I get the update for free?

If you have purchased a Little Snitch license after November 1, 2019, this license can also be used to register Little Snitch 5. If you purchased Little Snitch 4 before that date, you can get the upgrade at a reduced price.

Will Little Snitch 4 run on macOS 11 Big Sur?

Little Snitch 4 will not be loaded on macOS 11 Big Sur.

No, Little Snitch 5 cannot be used on macOS Catalina. It requires macOS Big Sur or later. If you want to use Little Snitch on Catalina, you have to install version 4 instead.

→ Download Little Snitch 4

Background

Little Snitch 5 is based on Apple’s Network Extension framework, which replaces the previous kernel extension API, that is no longer supported on macOS Big Sur.

This framework is quite new. Although it already exists on macOS Catalina, some of the API that Little Snitch relies on was added to this framework only with the latest Catalina updates, still containing some bugs that have only been addressed in macOS Big Sur.

Little Snitch 4 is using a Network Kernel Extension to perform its network filtering. Apple has discontinued the support for this type of kernel extensions in macOS Big Sur. The system therefore refuses to load the unsupported extension.

Little Snitch 5 has been updated to the new Network Extension technology instead, which is fully compatible with macOS Big Sur.

Download Little Snitch 5

No. Little Snitch 4 is using a Network Kernel Extension to perform its network filtering. Apple has discontinued the support for this type of kernel extensions on Apple Silicon Macs.

Little Snitch 5 has been updated to the new Network Extension technology instead, which is fully compatible with Apple Silicon Macs.

Download Little Snitch 5

Little Snitch 5 Help

Little Snitch 4 Help

Release Notes

Lost your license key?

Enter the email address from your order and we’ll resend your license key.

Didn’t find what you were looking for?

Contact us

Follow us for the latest news and updates.

Follow us

EnglishDeutsch
© 2021 Objective Development Software GmbHAbout UsPressPrivacyTerms

© 2021 Objective Development Software GmbH

About UsPressPrivacyTerms