Release Notes

Improvements

• Improved compatibility with programs using UDP communication by avoiding deep packet inspection for most UDP traffic.

Bug Fixes

• Fixed an issue causing some rules in the Configuration window to be shown with their Code ID instead of the process name.
• Fixed a crash of Network Monitor when opening the connection inspector.
• Fixed detection of Wi-Fi networks for Automatic Profile Switching when the router cannot not be found.

Software Update Hot Fix

This version fixes a bug introduced in the previous version, 6.2.1: For some users, the automatic software update fails to check for new versions.

As a result, affected users are not notified when a new version of Little Snitch (such as this one, which resolves the issue) becomes available. Instead, they must manually check for updates by selecting “Check for Updates” from the “Little Snitch” menu within the application.

We therefore highly recommend that all users of Little Snitch 6.2.1 install the 6.2.2 update.

Other Bug Fixes

• Fixes an issue in the map of Network Monitor causing incorrect city names to be shown for connections to Africa.

Network Monitor

• Connections from helper processes that are contained within an app bundle are now attributed to their parent app in the connection list of Network Monitor, so they no longer show up as separate, nested connections.
• The connection list now shows more useful names for XPC helper processes running from a temporary, random path which may no longer exist.
• Improved information shown in the inspector’s header section when an app group or app extension is selected.

Configuration

• The rule list now shows an info text overlay for empty search and filter results (explaining why the list is empty).

Connection Alert

• If the Network Extension frameworks provides the URL leading to a connection, this information is now shown in the details section of the connection alert.

Bug Fixes and Improvements

• Improved the installation process to initiate a retry sequence if the Agent process did not start after installation.
• Fixed a missing localization in the Endpoint Security installation dialog on macOS Sonoma. This bug prevented the installation of the Endpoint Security system extension on Sonoma.
• The “Select All” and “Deselect All” commands no longer worked in Network Monitor.
• The Command-Delete keyboard shortcut for removing connections from the connection list no longer worked in Network Monitor.
• Fixed the incorrect appearance of another “Private Relay” label, shown in the map.
• Fixed an issue causing updates of the geolocation database to happen too often or not at all.
• Fixed a display issue in Network Monitor when hovering certain elements in the inspector with the mouse, causing the displayed icon to overlap with the underlying text.

Network Monitor

• New option in context menu of Network Monitor to focus on connections of a particular process.
• Connections of other users are now hidden by default in Network Monitor to prevent confusion of having e.g. multiple instances of Safari and Mail (owned by different users) shown in the connection list. You can still enable the display of these connections in the view options menu in the toolbar, by choosing “Show Connections of Other Users”.
• Improved display of connections without an existing allow or deny rule in the connection list, showing a completely empty allow/deny button instead of no button at all.
• Improved display of connections via iCloud Private Relay on the map. Since the actual IP address of the server is unknown for these connections, it’s not possible to determine their actual location. Little Snitch therefore collects all these connections under a virtual location labeled “Private Relay”.
• Improved keyboard navigation in connection list to expand the “more items” section by pressing the right arrow key twice.
• Improved display of process paths in the inspector view.
• Clicking a process path in the inspector now opens a menu offering to show the app in Finder or to copy the path.

Configuration

• Added several new filter options in the rule window, accessibly by long-clicking the filter buttons in the search field.
• When viewing the contents of a blocklist, there’s now a new “Used Entries” section (which is shown by default), presenting only those blocklist entries that have been used at least once.
• Preventing the search string from getting cleared when switching between different blocklists.

Other new features and improvements

• Improved accessibility via VoiceOver.
• Improved Wi-Fi name detection using the CoreWLAN API in favor of other methods. Wi-Fi name detection is required for Automatic Profile Switching.
• Improved installer to better handle Agent installation issues.
• Further improved detection of Homebrew executable paths.

Bug Fixes

• Fixed a rare crash or hang due to a leak of file descriptors when Automatic Profile Switching is enabled.
• Fixed a bug in the littlesnitch rulegroup Terminal command where the requested rule group or blocklist was not found.
• Fixed a bug where clicking the “Delete All Redundant Rules” button in the Redundant Rules filter section did nothing.
• Fixed an issue causing the map to open with a rather small width after launching the Network Monitor.

Improvements

• DNS encryption now supports password authentication to DoH servers (DNS over HTTP).
• Improved detection of Wi-Fi network changes for automatic profile switching.
• Improved responsiveness of Network Monitor when selecting a time range in the traffic chart.
• Improved accessibility via VoiceOver.

Bug Fixes

• Fixed dimming of status menu icon on inactive display.
• Fixed a bug where traffic meters in Network Monitor did not update correctly.
• Fixed a bug where the creation of rule groups for Apple Apps or Third Party Apps did not complete.
• Fixed possible deadlock during installation of Little Snitch for certain network configurations.
• Fixed a rare bug where the rule inspector in Little Snitch could stop working.

Improvements

• Added a hovering effect to Internet Access Policy buttons in the connection list of Network Monitor to indicate that they can be clicked.
• Improved handling of connection errors in DNS encryption.
• Update “Last Used” statistics also for “Ask”-rules.
• Preserve the traffic chart zoom level when Network Monitor is restarted.

Bug Fixes

Network Monitor

• Fixed: Some text input methods like Chinese or Japanese did not work in the search field.
• Fixed: The Internet Access Policy button was incorrectly shown for the “Local Network” group of a connection.
• Fixed a flickering of Internet Access Policy buttons and rule management buttons when scrolling quickly through a large list of connections.
• Fixed a possible crash on startup of Network Monitor.
• Fixed false labeling of weekdays in the traffic chart when the “First day of week” setting in System Settings was different from “Monday”.

Little Snitch App

• Fixed a crash when a rule for an app with a corrupted Info.plist file was found.
• Fixed a bug where changes of a rule’s remote endpoint did not become effective until another rule change occurred.
• Fixed incorrect updates of the rule list when rules were added or removed via Network Monitor.

Connection Alert

• Fixed a bug where a connection alert incorrectly reported a change in the authorship of a TestFlight app, although the original and new author were identical.

Status Menu

• Fixed behavior when clicking a recently denied connection which was denied by an IP address rule.

Mass Deployment

For installing Little Snitch via Mass Deployment, the initial confirmation dialogs can be suppressed via command line arguments to the app. Pass

-AcceptLicenseAgreementAutomatically YES \
-PerformInstallationAutomatically YES

to suppress both dialogs. Note that the network extension can be allowed via a .mobileconfig file before installation.

This version fixes a problem where DNS lookups would leave the computer unencrypted although DNS encryption has been turned on.

This bug was new in 6.1, previous versions are not affected.

Compatibility with macOS 15 Sequoia

• Updated installation instructions that are shown during the first-time installation of Little Snitch. On macOS Sequoia the Little Snitch Network Extension now has to be enabled in a different location in System Settings: The UI for enabling the extension has been moved to Login Items & Extensions > Extensions > Network Extensions.

Customization of Status Icon in the Menu Bar

• The appearance of the Little Snitch status icon can now be customized in more detail under Settings > Status Menu.
• The flashing indication when a connection is blocked can now be turned off.
• Each component of the status icon can now be separately configured to be colored or monochrome.
• It is now possible to choose an appearance that shows numerical data rates only, without a graphical traffic meter.
• The indication of an active silent mode can now be turned off.

Improved Internet Access Policy Support

• The availability of an Internet Access Policy for a particular app or connection is now indicated by an icon in the connection list and the rule list.
• Clicking on that icon opens a popover containing information from the app developer, explaining the app or connection in more detail.
• A filter option has been added to the filter menu in the search bar, allowing you to show only rules for apps that include an Internet Access Policy.

Other Improvements

• Further increased the precedence of blocklists over all other rules. A blocklist now always has the highest precedence. To override a blocklist entry with a rule (e.g., by creating a rule to allow connections to x.com, even though these connections are blocked by a blocklist) it is now necessary to explicitly increase the priority of that rule using the “Increase Priority” command from the context menu.
• Allowing connections that are currently blocked by a blocklist via Network Monitor now allows you to creates rules with increased priority so they can reliably override the blocklist entry.
• Selecting a recently denied connection from the status menu or selecting an app from the Recent Network Activity list now better focusses on those connections in Network Monitor.
• Selecting a recently denied connection from the status menu with the Option key held down now shows the rule that’s responsible for the denial of that connection.
• Improved “Show Corresponding Rules” command in Network Monitor to show all rules that are somehow affecting the selected connection and sort them by precedence.
• Deleting a profile that has networks assigned for Automatic Profile Switching no longer deletes those networks but keeps them available for assigning them to a different profile.
• Reduced update frequency of traffic rates shown in the Inspector view of Network Monitor.
• Improved determination of the hostname for a given IP address.
• Improved the appearance of pressed Allow/Deny buttons in the connection alert.
• Improved Automatic Profile Switching to always add newly joined networks to the list of known networks.
• Improved the display of blocklist updates in Notification Center to also show the number of blocklist entries that have been added or removed.
• Improved the display of domain blocklist entries with increased emphasis on the name of the blocked domain.
• Added limited support for blocklists in the Adblock format.
• Improved sorting by domain names (rules and blocklist entries). They are now sorted strictly alphabetically instead of being grouped by organization domain.
• Added an Internet Access Policy to the Little Snitch Network Extension.
• Improved display of system extensions in the connection list, showing their localized display names, if available.
• Renamed the “Unix Process” filter option to “Background Process”.
• Improved the detection of Wi-Fi SSIDs for Automatic Profile Switching.

Bug Fixes

• Fixed: Sorting blocklist entries by their enabled state did not sub-sort the list by domain/hostname.
• The “Lock/Unlock Configuration” menu command was incorrectly disabled when the “Networks” section was selected.
• Fixed a potential crash when selecting an entry in the filter sidebar of the Little Snitch app after invoking Show Corresponding Rules in Network Monitor.
• Fixed: The “Background Processes” rule filter in the rule list incorrectly included “Any Process” rules, as well as rules for widgets and Safari, in the filter results.
• Fixed: Opening the Network Monitor window using the keyboard shortcut did not work immediately after closing the window with Command-W.
• Fixed: Changes to a rule’s priority were not immediately applied to the network filter.
• Fixed: The increased priority of rules was sometimes incorrectly indicated as being “unnecessary”.
• Fixed a minor drawing glitch in the traffic chart displayed in the status menu.
• Fixed: Blocklists sometimes incorrectly appeared in the Rule Groups section of the sidebar.
• Fixed a potential crash of the Little Snitch Network Extension.
• Fixed some typos in UI labels.
• Added missing German localization for “Effective in all profiles” in the sidebar.
• Added missing German localization for the title of the “Lock Configuration” menu item.
• Added missing German localization in the rule filter picker.

Bug Fix for users upgrading from Little Snitch 5

• When upgrading from Little Snitch 5 to version 6.0.3, the existing rules and setting were not preserved but reset to the factory settings. This bug has been fixed in this version.
• If you have been affected by this bug, you can restore your previous rules and settings by choosing File > Restore from Backup from the menu bar in the Little Snitch app.
• A backup file of your Little Snitch 5 configuration can be found in the /Library/Application Support/Objective Development/Little Snitch folder.
• The name of that backup file is
  configuration5_YYYY-MM-DD_hh.mm.ss_crashOnLoad-5.xpl
  (the middle part of the filename is the date/time when the backup was created).

Improved Demo Mode

• Little Snitch now offers a free, fully featured 30-day trial for existing customers with a valid license for version 5.
• New users without a license can still run Little Snitch in demo mode, where the network filter is turned off after each three hours of operation.
• The current status of the trial is shown in the toolbar of the rules window and in Network Monitor.
• New littlesnitch restrictions Terminal command to query the status of the trial.

New Features and Improvements

• Increased precedence of blocklists so they can block connections that would otherwise be allowed by Any Process / Domain rules.
• New littlesnitch profile command to enable disable profiles.
• New littlesnitch rulegroup command to enable or disable rule groups.
• New option --preserve-terminal-access for littlesnitch restore-model to prevent lockout.
• Debugging of DNS encryption problems is now easier: If errors occurred recently, an error log is available in the DNS Encryption settings pane of Little Snitch.
• A “Troubleshooting” menu is added to the Help menu when it’s opened with the Option key held down.
• When copying rules from the rules window, blocklists are now represented as reference to the blocklist URL, not by copying a list of all blocklist entries.

Bug Fixes

• When deciding about DNS encryption exceptions, Little Snitch now also considers DNS queries of type MX, PTR and others.
• When an error occurs in the connection to an encrypted DNS server, Little Snitch now always attempts to reconnect to the server.
• Fixed: When importing a backup, DNS encryption settings were not restored.
• Fixed: Settings for enabled and disabled notifications were not correctly encoded in a backup.
• Preventing the creation of invalid rules when pasting into the rules window.
• When deleting a selected blocklist, rule group or profile, the selection in the sidebar now switches back to “All Rules”.
• Fixed a crash in Network Monitor when right-clicking on “Incoming Connections”.

Network Monitor

• Fixed: The “Show Corresponding Rules” context menu action did not correctly handle connections blocked by a blocklist.
• Fixed: Rule buttons in the connection list may have falsely indicated a mixed allow/deny state, although the connection was actually copletely blocked by a blocklist.

Configuration

• Corrected textual description of “Hide in Network Monitor” rules.
• If a rule’s executable path became invalid due to renaming or moving the app, the inspector now offers a “Repair” option, attempting to resolve the issue.
• Fixed: Duplicating a biderectional rule via Copy/Paste didn’t work properly.

Improvements

• DNS encryption can now be disabled completely in particular profiles. Enter an asterisk (“*”) for the domain in the “DNS Encryption Exceptions” settings, which acts a wildcard for “All Domains”.
• IP address based blocklists now have precedence over all DNS/name-based rules.
• When selecting a recently denied connection from the status menu, the specific server is now selected in Network Monitor, not just the domain.
• Added an option in Settings > Status Menu to choose if local network traffic shall be included in status menu traffic rates and graphs.
• Improved confirmation dialog when deleting a rule group or profile: You are now asked to explicitly choose whether to keep or delete rules that are contained in that group or profile.
• Improved searching for rules via search field. By default the bundle identifier of the rule or the rule’s notes are no longer searched, because this often resulted in too many and sometimes unexpected search results. You can still search in these fields by choosing a dedicated search scope.
• Improved feedback when the update of a blocklist failed. The yellow warning triangle can now be clicked to reveal more information about what went wrong.
• Clicking on an already selected filter in the sidebar of the rules window now resets an active focus mode.
• The summary inspector in Network Monitor now shows connection statistics for the deepest leaf nodes of the current grouping.

Bug Fixes

• Exception domains for DNS encryption are now case-insensitive.
• The context menu in the connection list of Network Monitor can now also be opened with control-click.
• Clicking the clear button in the search field of the rules window and Network Monitor no longer removes keyboard focus from the search field.
• Fixed textual search for internationalized domain names in blocklists.
• Fixed a bug where total traffic amounts displayed in the connection list did increase over time, even if a fixed time range was selected in the traffic chart.
• Fixed a bug causing the summary statistics in the inspector of Network Monitor not being update after changing connection grouping.
• Fixed: Search field filter buttons didn’t work in the Suggestions section of Little Snitch.
• Fixed: Pressing Down-Arrow in Rule Editor text field did open the wrong menu.
• Clearing Port/Process text fields in rule editor did not reset to Any/Any Process.
• Accessibility: The context menu in the rule list could not be opened via VoiceOver.
• The traffic chart icon shown in the menu bar was sometimes displayed with the wrong color while the menu was open.
• The “Differentiate by color” option was not properly considered for numeric data rates when the 5-minute history style of the chart was used.
• Fixed icon representing “Alert Mode” in profile editor.
• Added missing German localizations.

New in Little Snitch 6

Blocklists

• Enhanced support for blocklists, similar to the features found in Little Snitch Mini.
• Conveniently choose from a curated list of blocklists, organized by topic (like Advertising, Tracking, Malware, etc.), allowing you to enable these blocklists with just a few mouse clicks.
• Automatic daily updates ensure that your blocklists are kept up to date when the maintainer adds new entries.
• Improved filtering performance when filtering network connections based on large blocklists.

DNS Encryption

• All DNS lookups can now be securely transmitted via encrypted connections to a DNS server of your choice, ensuring enhanced privacy when browsing the web.
• Configurable, system-wide DNS encryption.
• Can be enabled in Little Snitch Settings > DNS Encryption.
• Predefined configurations for the most popular DNS encryption services so you can get started with just a few mouse clicks.

Network Activity Monitoring

• Improved design of the Network Monitor user interface.
• Introducing a revamped traffic chart for clearer visualization and analysis of network activity.
• Versatile grouping options for connections in Network Monitor. Connections can now be grouped not only by process but alternatively also by domain/server or by country. So you can quickly see at a glance all apps to connect to a particular country or to a particular domain.
• All connections related to one app are now grouped under one entry in the connection list, including incoming connections and connections established via helper tools.
• Configurable traffic meter appearance: Choose between two types of traffic activity indicators – either a live meter showing the current activity (like in Little Snitch 5) and a new thumbnail chart showing a history of the last five minutes (like in Little Snitch Mini).
• Improved legibility of connection lines shown in the map.
• Display of named location labels in the map.
• Automatic updates of the Geolocation Database for enhanced accuracy and reliability.
• Improved display of App Extensions in the connection list.
• More powerful search and filter options.

Status Menu

• Revamped status menu, including an animated traffic chart, information about recent network activity and recently denied connections.
• Configurable traffic meter appearance: Like in Network Monitor you can now choose between two types of traffic activity indicators to be shown in the menu bar: Either a live meter showing the current activity and a new thumbnail chart showing a history of the last five minutes.

Creating and managing rules

• A new type of rules allows to show notifications in Notification Center whenever a certain kind of network activity occurs.
• Ability to create rules for “Any macOS Process” and “Any Simulator Process”.
• Local, editable rule groups, allowing you to organize rules by topic and enable or disable multiple related rules at once.
• Attach notes to newly created rules directly from within the connection alert.
• Rules now identify processes based on their cryptographic code signature, irrespective of their location in the file system. This makes rules resistant against moving or renaming apps. The previous, path-based identification is still available as an option.
• Bidirectional rules that match both incoming and outgoing connections from/to certain IP addresses or ranges.
• Improved Homebrew support. Rules for Homebrew executables are now independent of the version number, which is part of the executable path.

Sound Notifications

• Get an acoustic feedback whenever a certain kind of network activity occurs.
• Become aware of such network activity even when you are not actively watching the Network Monitor window or when you don‘t even watch your screen.
• Select from a fun variety of built-in notification sounds.
• Some of the sounds are modulated to also indicate the amount of data that is currently transferred.

Usage statistics for rules and blocklists

• See how often rules or blocklist entries have been used and when they were last used.
• Sort the rule list by “Last Used Date” or by “Usage Count”.
• The new “Unused” filter helps you quickly find rules that haven’t been used for quite a while.

Other new features and improvements

• Customization options to disable specific types of notifications from being shown in Notification Center.