This is due to a limitation in Apple’s Network Extension API, which surprisingly whitelists a number of system services like Maps, FaceTime, App Store or Software Update and therefore doesn’t report the network activity of these services to third-party application firewalls.
The use of this new API is now mandatory for third-party developers on macOS Big Sur, because Apple no longer supports the previous kernel extension based approach, which didn’t suffer from this limitation.
We’ve been investigating a solution in Little Snitch to make these whitelisted connections visible by means of alternative techniques. This solution is already available in our latest nightly build of Little Snitch 5.1.
There’s an ongoing discussion about this problem in various online media, and we assume that Apple will address these concerns in a future macOS update. See our blog article to learn more about this topic.
UPDATE: This issue has been resolved in macOS Big Sur 11.2. Apple has removed this whitelist completely, allowing third-party firewalls like Little Snitch to reliably monitor and filter any network traffic.
Up until macOS 11.1 the whitelist inlcudes the following macOS processes:
/System/Applications/App Store.app/Contents/MacOS/App Store
/System/Library/CoreServices/cloudpaird
/System/Library/CoreServices/mapspushd
/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated
/System/Library/Frameworks/Accounts.framework/Versions/A/Support/accountsd
/System/Library/Frameworks/CoreTelephony.framework/Support/CommCenter
/System/Library/PrivateFrameworks/ApplePushService.framework/apsd
/System/Library/PrivateFrameworks/AppStoreDaemon.framework/Support/appstoreagent
/System/Library/PrivateFrameworks/AppStoreDaemon.framework/Support/appstored
/System/Library/PrivateFrameworks/AssetCacheServices.framework/Versions/A/XPCServices/AssetCacheLocatorService.xpc/Contents/MacOS/AssetCacheLocatorService
/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd
/System/Library/PrivateFrameworks/CloudKitDaemon.framework/Support/cloudd
/System/Library/PrivateFrameworks/CommerceKit.framework/Resources/commerced
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/commerce
/System/Library/PrivateFrameworks/CoreLSKD.framework/Versions/A/lskdd
/System/Library/PrivateFrameworks/CoreParsec.framework/parsecd
/System/Library/PrivateFrameworks/CoreSpeech.framework/corespeechd
/System/Library/PrivateFrameworks/DistributedEvaluation.framework/Versions/A/XPCServices/com.apple.siri-distributed-evaluation.xpc/Contents/MacOS/com.apple.siri-distributed-evaluation
/System/Library/PrivateFrameworks/FamilyCircle.framework/Versions/A/Resources/familycircled
/System/Library/PrivateFrameworks/FamilyNotification.framework/FamilyNotification
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
/System/Library/PrivateFrameworks/HomeKitDaemon.framework/Support/homed
/System/Library/PrivateFrameworks/IDS.framework/identityservicesd.app/Contents/MacOS/identityservicesd
/System/Library/PrivateFrameworks/IDSFoundation.framework/IDSRemoteURLConnectionAgent.app/Contents/MacOS/IDSRemoteURLConnectionAgent
/System/Library/PrivateFrameworks/IMCore.framework/imagent.app/Contents/MacOS/imagent
/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent
/System/Library/PrivateFrameworks/IMTransferServices.framework/IMTransferAgent.app/Contents/MacOS/IMTransferAgent
/System/Library/PrivateFrameworks/MapsSuggestions.framework/MapsSuggestions
/System/Library/PrivateFrameworks/MapsSupport.framework/MapsSupport
/System/Library/PrivateFrameworks/MediaStream.framework/MediaStream
/System/Library/PrivateFrameworks/MusicLibrary.framework/MusicLibrary
/System/Library/PrivateFrameworks/PassKitCore.framework/passd
/System/Library/PrivateFrameworks/ProtectedCloudStorage.framework/Helpers/ProtectedCloudKeySyncing
/System/Library/PrivateFrameworks/SyncedDefaults.framework/Support/syncdefaultsd
/System/Library/TextInput/kbd
/usr/libexec/coreduetd
/usr/libexec/diagnosticd
/usr/libexec/findmydeviced
/usr/libexec/fmfd
/usr/libexec/locationd
/usr/libexec/mdmclient
/usr/libexec/mobileactivationd
/usr/libexec/mobileassetd
/usr/libexec/networkserviceproxy
/usr/libexec/rtcreportingd
/usr/libexec/secd
/usr/libexec/siriknowledged
/usr/libexec/swcd
/usr/libexec/tailspind
/usr/libexec/teslad
/usr/libexec/timed
/usr/libexec/trustd
/usr/sbin/securityd
com.apple.facetime