Help for Little Snitch

Please visit the Little Snitch Support page and enter your email address to retrieve your lost license key. Little Snitch Support > Lost License

Little Snitch license keys can be distinguished by their first two characters:

• Little Snitch 5 license keys begin with “35…”

• Little Snitch 4 license keys begin with “34…”.
  If the license was purchased after November 1, 2019, it’s also valid for version 5.

• Little Snitch 3 license keys begin with “33…”

• Little Snitch 2 license keys begin with “32…”

If you have a question or a problem related to your order, please contact our sales support team.

If you have purchased Little Snitch after November 1, 2019, you can already use that license to register Little Snitch 5 (no upgrade purchase required).

If you have purchased Little Snitch 4 before that date, you can get the upgrade at a reduced price.

Just buy a license for Little Snitch 5. This license is also valid for Little Snitch 4.

Delivering of the license key may take up to 15 minutes. Please also make sure the email is not in your spam folder. If you still did not receive the license key please contact our sales support team.

The number of required seats is either the number of computers or the number of persons using these computers — whichever number is lower. For example, an office with five employees and eight computers would need a 5-seat license to use Little Snitch on all computers.

A single license is valid for all your machines as long as you are the only user.

Of course! A family license is valid for up to five computers, used by people living in the same household.

Yes, student discounts for Little Snitch are available at the Student App Centre website.

Assuming you’ve downloaded the Little Snitch Disk Image (.dmg file) to your Downloads folder, open a new Terminal window and enter the following command to verify the cryptographic signature of the downloaded file:

If the result of this command is empty (no error message is shown), the file is intact and properly signed by Objective Development.

However, if an error message is shown (like “not signed at all” or “failed to satisfy specified code requirement(s)”), this indicates that the file was maliciously modified and is no longer signed by Objective Development. In that case you should NOT open the disk image file.

No, that’s not necessary and also not recommended (because this also removes your registration information).

However, your installed Little Snitch 4 version will then no longer be loaded on macOS Big Sur and must be upgraded to Little Snitch 5.

→ Download Little Snitch 5 for macOS Big Sur

When you upgrade to Little Snitch 5, the existing, outdated installation will be automatically removed (this requires a restart of the computer for one last time).

Your existing rules and settings from Little Snitch 4 will be preserved.

Yes, your existing rules from Little Snitch 4 will be preserved.

Little Snitch 4 should not be uninstalled prior to upgrading to macOS Big Sur to preserve your rules and your registration information.

Please visit our High Sierra Compatibility page for information about installing and running Little Snitch 4 on macOS High Sierra.

If your computer is managed by Jamf (usually if it’s used in a corporate environment), an incorrect System Policy configuration can cause the installation of the Little Snitch network extension to fail with the following error message: “The system policy prohibits activating the system extension.”

If you are encountering this problem please contact your system administrator and ask them to verify the configuration entry of the Little Snitch network extension:

If you also want to install the Little Snitch Endpoint Security system extension, make sure to add at.obdev.littlesnitch.endpointsecurity to the list of allowed extensions.

Little Snitch consists of multiple components. It is therefore essential to run the Little Snitch Uninstaller to make sure all components are removed from your system. Little Snitch automatically starts the uninstaller as soon as you move the Little Snitch Configuration application to the trash. Alternatively you can start the uninstaller manually from /Library/Little Snitch/Little Snitch Uninstaller.app.

The uninstaller lets you choose whether to remove or preserve user specific data (like rules and settings). If you want to remove those items manually, delete the following files and folders (the “~” tilde sign refers to your home folder):

• /Library/Application Support/Objective Development/Little Snitch

• ~/Library/Application Support/Little Snitch

• ~/Library/Preferences/at.obdev.LittleSnitchConfiguration.plist

• ~/Library/Preferences/at.obdev.LittleSnitchNetworkMonitor.plist

• ~/Library/Preferences/at.obdev.LittleSnitchInstaller.plist

Just move the Little Snitch application in Finder from your Applications folder to the trash.

This will completely remove all components of Little Snitch, including all its system extensions and helper tools.

Your configuration data (which is stored at /Library/Application Support/Objective Development/Little Snitch) will not be deleted. So if you decide to reinstall Little Snitch at a later point, your rules and preferences will still be in place.

This is a technical limitation of Apple Maps, the service that we are using for showing the map in Network Monitor. Apple’s Maps.app has the same limitation and doesn’t let you zoom out far enough to see a map of the whole world at once.

Starting with macOS 10.12 Sierra it’s possible to arrange third-party menu bar icons via Command-drag (hold down the Command key and drag the item to the desired position).

In previous OS versions, third-party menu bar icons are at fixed positions and can’t be moved. Third-party tools like Bartender make it possible to arrange the items also in OS versions before 10.12 but for security reasons Little Snitch can not be used with such tools.

If you just want to save space in your menu bar you can simply turn off Little Snitch’s menu bar icon. The functions in it can also be accessed in the Little Snitch Configuration application’s preferences and you can open the Network Monitor window also via a configurable keyboard shortcut.

No, sorry, this is currently not possible.

Open Little Snitch Configuration and choose File > Create Backup from the menu. This will create a backup file at the location of your choice. You can restore your rules from that file later via File > Restore from Backup.

Yes. Please retrieve the following configuration file from your backup:

/Library/Application Support/Objective Development/Little Snitch/configuration5.xpl

For Little Snitch version 4, the configuration file is:

/Library/Application Support/Objective Development/Little Snitch/configuration.xpl

You can then restore your rules from that file via Little Snitch > File > Restore from Backup (in case of Little Snitch 4: Little Snitch Configuration > File > Restore from Backup).

Since version 3 Little Snitch can also handle and filter incoming connections. They are labeled with this icon:

Open the Little Snitch application from your Applications folder, open Preferences > General and click the Stop button to turn off the Network Filter. Any network traffic will then be allowed, such as if Little Snitch wasn’t installed at all. If you are using the Little Snitch menu bar icon, you can also stop the filter by choosing Stop Network Filter from the menu.

By default, local network traffic is hidden in Little Snitch Network Monitor. If you want to see this traffic as well, you just have to enable “Show Local Network” in the Little Snitch Network Monitor menu.

When using Mission Control, there is the occasional problem that a connection alert does not appear on the current desktop, nor on all desktops, even though Little Snitch tells the system to do so. This was reported to us especially under macOS Ventura (at least up to version 13.0.1).

Since this is an issue in macOS that also affects other third-party applications and we cannot reproduce it on our test systems, we ask our users to report it to Apple via “Feedback Assistant.app”. This app is located on macOS Ventura in this path: /System/Library/CoreServices/Applications

Alternatively, Feedback Assistant can be found and launched via Spotlight. The program is self-explanatory.

To make sure you don’t miss any new versions that contain the latest bug fixes and improvements, you cannot disable these checks. This is critical because prerelease versions are not considered stable and still need testing before we’re confident in releasing them to all users.

If you want to downgrade from a prerelease version to the latest stable version, you can do so by downloading it from the website.

There are several possible causes for such behavior of Little Snitch.

First of all you really need to make sure that you have set the lifetime for the rule to “Forever“ when creating it (as opposed to “Once“, or “Until Quit“ etc.)

Then it’s also necessary that the path of the application (where it resides on your disk) remains unchanged. If you move an app to a different folder, the rules you created earlier for this app will cease to match.

Unfortunately the path of an application can also change without your explicit doing. If the path displayed in Little Snitch’s Network Alert contains parts like /private/var, it’s likely that the issue is related to the “Gatekeeper” functionality of macOS. See this blog post for further details.

Make sure to use a keyboard that’s directly connected to your computer (cable or Bluetooth). Changing the settings or entering the license key via any kind of remote access (e.g. Screen Sharing) will not work with the default security settings of Little Snitch.

Valid license keys for Little Snitch 4 start with “34…”, keys for version 3 start with “33…”. They are about 25 characters long.

When entering the license key, please copy and paste the key to avoid typos. If it still does not work, please contact our sales support team.

When a process attempts to connect to a particular IP address, Little Snitch uses a heuristics (based on previous DNS lookups, Deep Packet Inspection and more) to determine the corresponding hostname for that IP address to figure out which of your filter rules shall be applied.

In some rare cases this approach may be unable to find a unique hostname match for a given address. The connection alert will then only show the IP address for that connection, often together with a list of possible hostnames which all resolve to that same address.

Whenever Little Snitch blocks a particular connection, this is indicated in realtime in Little Snitch Network Monitor by a red flashing of that connection. You can right-click on such a connection and choose “Show Corresponding Rule” from the context menu to open the Little Snitch rules window and focus on the rule that’s responsible for this connection being denied.

Prey is installed under a separate user account (user: ‘prey’) on the system. In order to access its Little Snitch rules you have to open the Little Snitch Configuration as the user ‘prey’ by entering the following Terminal command (/Applications/Utilities/Terminal.app) and pressing Return:

After entering your admin password when prompted, you should be able to see the Little Snitch Configuration window with one or more rule suggestion(s) for the Prey process named “node“ in the Suggestions > “Login Connections“ category. Select one of the rules and click on the “More“ button at the top right of the suggestions list. In the appearing popup menu choose “Allow any connection“. After closing the Little Snitch Configuration and restarting your system, all connections for Prey will be allowed.

Please check the order of your preferred languages in System Preferences > Language & Region and make sure that English is further up in the list than German. After a restart Little Snitch should then be localized in English.

Little Snitch cannot stall certain kinds of incoming connections or data. Please see Little Snitch help, chapter “Incoming connections” for more information.

There’s a bug in macOS Ventura causing "Full Disk Access" to fail to work properly. As a result, "Full Disk Access" for the "Little Snitch Endpoint Security" cannot be granted, or is lost on every restart.

Until this has been fixed in an upcoming version of macOS, you can manually resolve this issue as follows:

1. Open "System Settings", click on "Privacy & Security", and navigate to "Full Disk Access".

2. Right-click the "Little Snitch Endpoint Security" item and choose "Show in Finder".

3. With the newly opened Finder window kept open, switch back to "System Settings".

4. Left-click the "Little Snitch Endpoint Security" in the list to select it.

5. Remove it by clicking the (-) minus button at the bottom of the list.

6. Switch back to the Finder window showing an item named "Little Snitch Endpoint Security" (other possible other items).

7. Select the "Little Snitch Endpoint Security" item and drag and drop it onto the "Full Disk Access" list in "System Settings".

At least one component of Little Snitch has not been updated correctly and most likely this is related to an issue with the kernel cache. As Little Snitch consists of multiple parts (including a kernel extension) it is necessary to update the kernel cache after the installation. Updating the kernel cache might reveal issues with third-party extensions. Please try to restart the system, run the Little Snitch Installer again. If the issue persists please generate a diagnostics report and contact our tech support team.

Little Snitch ignores simulated keystrokes and mouse clicks to make sure that malicious software cannot change your firewall settings by simulating user interaction.

Unfortunately this also affects software that allows you to access your Mac remotely (like TeamViewer, RealVNC, etc).

If you do need remote access Little Snitch, you have to enable the “Allow GUI Scripting access to Little Snitch” option in Little Snitch Configuration > Preferences > Security.

Little Snitch consists of multiple parts, some of them operating at a low level of the operating system, called the kernel. Little Snitch needs to trigger an update of kernel caches and requires a reboot during installation. Under rare circumstance this kernel cache update might fail, which may prevent your computer from starting.

If this happens during the installation of Little Snitch on your computer, please start it in safe mode by holding the Shift key (⇧) (you can find more information about safe mode here). If you are using OS X Yosemite or earlier, please repair your disk permissions using Disk Utilities.app (for detailed instructions see How & Why to repair disk permissions in OS X). As second step, start the Little Snitch Installer once again and perform a restart as instructed.

Usually this solves the issue. If you are still unable to start your computer, please get in touch with our tech support team.

Yes, Little Snitch 5 is available as a universal binary that runs on both Apple silicon and Intel-based Mac computers.

→ Download Little Snitch 5

Yes, Little Snitch 5.5 or newer is compatible with macOS 13 Ventura.

→ Download Little Snitch 5

Yes, Little Snitch 5.3.1 or newer is compatible with macOS 12 Monterey.

→ Download Little Snitch 5

Yes, Little Snitch 5 or newer is compatible with macOS 11 Big Sur.

→ Download Little Snitch 5

Yes, Little Snitch 4.4 up to version 4.6 is compatible with macOS 10.15 Catalina.

Important Note

Little Snitch 5 requires macOS 11 Big Sur and therefore can not be installed on macOS Catalina.

→ Download Little Snitch 4.6

Little Snitch 3.6.4 is the latest versions compatible with OS X 10.9 Mavericks.

→ Download Little Snitch 3.6.4

Little Snitch 4.5.2 and 3.8.2 are the latest versions compatible with macOS 10.13 High Sierra.

→ Download Little Snitch 4.5.2

→ Download Little Snitch 3.8.2

Little Snitch 3.3.4 is the latest version compatible with OS X 10.7 Lion.

→ Download Little Snitch 3.3.4

Little Snitch 4.5.2 is the latest version compatible with macOS 10.14 Mojave.

→ Download Little Snitch 4.5.2

Legacy versions of Little Snitch provide support back to OS X 10.2 Jaguar.

→ Download Legacy version of Little Snitch

Little Snitch 4.5.2 and 3.8.2 are the latest versions compatible with OS X 10.11 El Capitan.

→ Download Little Snitch 4.5.2

→ Download Little Snitch 3.8.2

Little Snitch 3.8.2 is the latest versions compatible with OS X 10.10 Yosemite.

→ Download Little Snitch 3.8.2

Little Snitch 3.3.4 is the latest version compatible with OS X 10.6 Snow Leopard.

→ Download Little Snitch 3.3.4

Little Snitch 3.3.4 is the latest version compatible with OS X 10.8 Mountain Lion.

→ Download Little Snitch 3.3.4

Little Snitch 4.5.2 and 3.8.2 are the latest versions compatible with macOS 10.12 Sierra.

→ Download Little Snitch 4.5.2

→ Download Little Snitch 3.8.2

Older versions of Little Snitch can be found on this page. Please try to use the most recent version of Little Snitch that supports your operating system.

Our entire team consists of longtime macOS developers and we love the Mac platform. It is therefore very unlikely that a version for a different platform will be available in the near future.

Only partially. The NVIDIA Web Drivers (as opposed to the original drivers provided by Apple) need to inject program code into running apps and Little Snitch (as some other apps like iBooks) do not allow that for security reasons. Therefore the Little Snitch Network Monitor can not show its inspector and map view.

Starting with macOS 10.15.4 the above “Legacy System Extension” message is shown when Little Snitch is installed.

Is there an update of Little Snitch that’s compatible with macOS 11 Big Sur?

Yes. The latest version 5 of Little Snitch is fully compatible with macOS 11 Big Sur. → Learn more…

Will I get the update for free?

If you have purchased a Little Snitch license after November 1, 2019, this license can also be used to register Little Snitch 5. If you purchased Little Snitch 4 before that date, you can get the upgrade at a reduced price.

Will Little Snitch 4 run on macOS 11 Big Sur?

Little Snitch 4 will not be loaded on macOS 11 Big Sur.

Unfortunately Apple’s regulations and submission guidelines do not allow applications like Little Snitch that operate on the system level on the iOS (iPhone, iPad, iPod touch), tvOS (Apple TV), or watchOS (Apple Watch) platforms.

No. Little Snitch 4 is using a Network Kernel Extension to perform its network filtering. Apple has discontinued the support for this type of kernel extensions on Apple Silicon Macs.

Little Snitch 5 has been updated to the new Network Extension technology instead, which is fully compatible with Apple Silicon Macs.

Little Snitch 4 is using a Network Kernel Extension to perform its network filtering. Apple has discontinued the support for this type of kernel extensions in macOS Big Sur. The system therefore refuses to load the unsupported extension.

Little Snitch 5 has been updated to the new Network Extension technology instead, which is fully compatible with macOS Big Sur.

No, Little Snitch 5 cannot be used on macOS Catalina. It requires macOS Big Sur or later. If you want to use Little Snitch on Catalina, you have to install version 4 instead.

→ Download Little Snitch 4

Background

Little Snitch 5 is based on Apple’s Network Extension framework, which replaces the previous kernel extension API, that is no longer supported on macOS Big Sur.

This framework is quite new. Although it already exists on macOS Catalina, some of the API that Little Snitch relies on was added to this framework only with the latest Catalina updates, still containing some bugs that have only been addressed in macOS Big Sur.