Help for Little Snitch

Please visit the Little Snitch Support page and enter your email address to retrieve your lost license key. Little Snitch Support > Lost License

Little Snitch license keys can be distinguished by their first two characters:

• Little Snitch 6 license keys begin with “36…”

• Little Snitch 5 license keys begin with “35…”
  If the license was purchased after January 1, 2024, it’s also valid for version 6.

• Little Snitch 4 license keys begin with “34…”.
  If the license was purchased after November 1, 2019, it’s also valid for version 5.

• Little Snitch 3 license keys begin with “33…”

• Little Snitch 2 license keys begin with “32…”

If you have a question or a problem related to your order, please get in touch with our sales support team.

If you have purchased Little Snitch after January 1, 2024, you can already use that license to register Little Snitch 6 (no upgrade purchase required).

If you have purchased Little Snitch 5 before that date, you can get the upgrade at a reduced price.

Just buy a license for Little Snitch 6. This license is also valid for Little Snitch 5.

Licenses for Little Snitch 4 can no longer be purchased directly from our web shop. If you do need a license for an older version of Little Snitch, please get in touch with our sales support.

Delivering of the license key may take up to 15 minutes. Please also make sure the email is not in your spam folder. If you still did not receive the license key please contact our sales support team.

The number of required seats is either the number of computers or the number of persons using these computers — whichever number is lower. For example, an office with five employees and eight computers would need a 5-seat license to use Little Snitch on all computers.

A single license is valid for all your machines as long as you are the only user.

Of course! A family license is valid for up to five computers, used by people living in the same household.

Yes, student discounts for Little Snitch are available at the Student App Centre website.

Assuming you’ve downloaded the Little Snitch Disk Image (.dmg file) to your Downloads folder, open a new Terminal window and enter the following command to verify the cryptographic signature of the downloaded file:

codesign --verify -R="anchor apple generic and certificate leaf[subject.OU] = MLZF7K7B5R" ~/Downloads/LittleSnitch*.dmg

If the result of this command is empty (no error message is shown), the file is intact and properly signed by Objective Development.

However, if an error message is shown (like “not signed at all” or “failed to satisfy specified code requirement(s)”), this indicates that the file was maliciously modified and is no longer signed by Objective Development. In that case you should NOT open the disk image file.

No, that’s not necessary and also not recommended (because this also removes your registration information).

However, your installed Little Snitch 4 version will not be compatible with newer versions of macOS (11 and later) and must be upgraded.

When you upgrade to a newer version of Little Snitch, the existing, outdated installation will be automatically removed (this requires a restart of the computer for one last time).

Your existing rules and settings from Little Snitch 4 will be preserved.

Yes, your existing rules from Little Snitch 4 will be preserved.

Little Snitch 4 should not be uninstalled prior to upgrading to macOS Big Sur to preserve your rules and your registration information.

Please visit our High Sierra Compatibility page for information about installing and running Little Snitch 4 on macOS High Sierra.

If your computer is managed by Jamf (usually if it’s used in a corporate environment), an incorrect System Policy configuration can cause the installation of the Little Snitch network extension to fail with the following error message: “The system policy prohibits activating the system extension.”

If you are encountering this problem please contact your system administrator and ask them to verify the configuration entry of the Little Snitch network extension:

If you also want to install the Little Snitch Endpoint Security system extension, make sure to add at.obdev.littlesnitch.endpointsecurity to the list of allowed extensions.

Just move the Little Snitch application in Finder from your Applications folder to the trash.

This will completely remove all components of Little Snitch, including all its system extensions and helper tools.

Your configuration data (which is stored at /Library/Application Support/Objective Development/Little Snitch) will not be deleted. So if you decide to reinstall Little Snitch at a later point, your rules and settings will still be in place.

Usually it should be sufficient to move the Little Snitch application to the trash in order to uninstall it. Unfortunately, Apple has introduced two bugs in macOS 15.3 causing this method not to work anymore.

You now first have to manually delete the Little Snitch Network Extension:

1. Open System Settings.

2. Select General > Login Items & Extensions.

3. Scroll down to the Extensions section.

4. Click the i icon next to “Network Extensions”.

5. Click the action icon (three dots) and choose “Delete Extension” from the menu.

If you also have the Endpoint Security extension installed, delete this extension as well by clicking the i icon next to “Endpoint Security Extensions” and deleting the extension there.

Now you can move the app to the Trash in Finder.

Little Snitch consists of multiple components. It is therefore essential to run the Little Snitch Uninstaller to make sure all components are removed from your system. Little Snitch automatically starts the uninstaller as soon as you move the Little Snitch Configuration application to the trash. Alternatively you can start the uninstaller manually from /Library/Little Snitch/Little Snitch Uninstaller.app.

The uninstaller lets you choose whether to remove or preserve user specific data (like rules and settings). If you want to remove those items manually, delete the following files and folders (the “~” tilde sign refers to your home folder):

• /Library/Application Support/Objective Development/Little Snitch

• ~/Library/Application Support/Little Snitch

• ~/Library/Preferences/at.obdev.LittleSnitchConfiguration.plist

• ~/Library/Preferences/at.obdev.LittleSnitchNetworkMonitor.plist

• ~/Library/Preferences/at.obdev.LittleSnitchInstaller.plist

Downgrading from Little Snitch 6 to Little Snitch 5 is possible and restores your configuration to the state it was in before the upgrade, i.e. all changes in 6 are lost (except for traffic history).

You can do the downgrade by installing Little Snitch 5 from the DMG file from our web server over the existing Little Snitch 6 installation.

Remember to quit the Little Snitch 6 app if it is running, otherwise macOS cannot overwrite it in the Applications folder.

Automatic Profile Switching in Little Snitch lets you define firewall rule sets (profiles) for different network environments, such as home, work, or public Wi‑Fi. When you connect to a network, Little Snitch automatically detects the change and switches to the corresponding profile.

To correctly identify these network changes, Little Snitch must determine the name of the connected Wi‑Fi network, known as the SSID.

On macOS, retrieving the SSID is considered a location-based action because it can hint at the computer’s location. Prior to macOS 15 (Sequoia), third-party apps could access this information without user consent. However, Apple has now restricted this access for privacy reasons, so users must explicitly grant Location Services permission. Without this permission, Little Snitch cannot use the API to retrieve the SSID and detect Wi‑Fi network changes.

This is a technical limitation of Apple Maps, the service that we are using for showing the map in Network Monitor. Apple’s Maps.app has the same limitation and doesn’t let you zoom out far enough to see a map of the whole world at once.

In macOS it’s possible to change the order of icons in the menu bar via Command-drag (hold down the Command key and drag the item to the desired position).

If you want to save some space in your menu bar you can also turn off the menu bar icon of Little Snitch completely. Options like choosing the operation mode or selecting profiles are then still accessible in the Settings window of the Little Snitch app, and the Network Monitor window can still be opened via a configurable keyboard shortcut.

No, sorry, this is currently not possible.

Open Little Snitch Configuration and choose File > Create Backup from the menu. This will create a backup file at the location of your choice. You can restore your rules from that file later via File > Restore from Backup.

Yes. Please retrieve the following configuration file from your backup:

Little Snitch 6

/Library/Application Support/Objective Development/Little Snitch/configuration6.xpl

Little Snitch 5

/Library/Application Support/Objective Development/Little Snitch/configuration5.xpl

Little Snitch 4

/Library/Application Support/Objective Development/Little Snitch/configuration.xpl

You can then restore your rules from that file via Little Snitch > File > Restore from Backup (in case of Little Snitch 4: Little Snitch Configuration > File > Restore from Backup).

Yes, Little Snitch can handle and filter both outgoing and incoming connections.

Incoming connections are labeled with this icon:

Open Little Snitch from your Applications folder, in the Little Snitch menu open Settings and there under General click on the Network Filter button to turn off the network filter. All network connections will then be allowed as if Little Snitch was not installed. If you are using the Little Snitch menu bar icon, you can also stop the network filter by clicking on the Filter icon at the top right of the menu and selecting Disable.

By default, local network traffic is hidden in Little Snitch Network Monitor. If you want to see this traffic as well, you just have to enable the Show Local Network option in the View menu of Little Snitch Network Monitor.

To make sure you don’t miss any new versions that contain the latest bug fixes and improvements, you cannot disable these checks. This is critical because prerelease versions like nightly builds or beta versions are not considered stable and still need testing before we’re confident in releasing them to all users.

If you want to downgrade from a prerelease version to the latest stable version, you can do so by downloading it from the website.

There are several possible causes for such behavior of Little Snitch.

First of all you really need to make sure that you have set the lifetime for the rule to “Forever“ when creating it (as opposed to “Once“, or “Until Quit“ etc.)

Then it’s also necessary that the path of the application (where it resides on your disk) remains unchanged. If you move an app to a different folder, the rules you created earlier for this app will cease to match.

Unfortunately the path of an application can also change without your explicit doing. If the path displayed in Little Snitch’s Network Alert contains parts like /private/var, it’s likely that the issue is related to the “Gatekeeper” functionality of macOS. See this blog post for further details.

Make sure to use a keyboard that’s directly connected to your computer (cable or Bluetooth). Changing the settings or entering the license key via any kind of remote access (e.g. Screen Sharing) will not work with the default security settings of Little Snitch.

To avoid possible typos when entering the license key, please copy and paste the key from the email that you’ve received after your purchase. If it still does not work, please contact our sales support team.

When a process attempts to connect to a particular IP address, Little Snitch uses a heuristics (based on previous DNS lookups, Deep Packet Inspection and more) to determine the corresponding hostname for that IP address to figure out which of your filter rules shall be applied.

In some rare cases this approach may be unable to find a unique hostname match for a given address. The connection alert will then only show the IP address for that connection, often together with a list of possible hostnames which all resolve to that same address.

Whenever Little Snitch blocks a particular connection, this is indicated in realtime in Little Snitch Network Monitor by a red flashing of that connection. You can right-click on such a connection and choose “Show Corresponding Rule” from the context menu to open the Little Snitch rules window and focus on the rule that’s responsible for this connection being denied.

Prey is installed under a separate user account (user: ‘prey’) on the system. In order to access its Little Snitch rules you have to open the Little Snitch Configuration as the user ‘prey’ by entering the following Terminal command (/Applications/Utilities/Terminal.app) and pressing Return:

sudo -u prey /Applications/Little\ Snitch\ Configuration.app/Contents/MacOS/Little\ Snitch\ Configuration

After entering your admin password when prompted, you should be able to see the Little Snitch Configuration window with one or more rule suggestion(s) for the Prey process named “node“ in the Suggestions > “Login Connections“ category. Select one of the rules and click on the “More“ button at the top right of the suggestions list. In the appearing popup menu choose “Allow any connection“. After closing the Little Snitch Configuration and restarting your system, all connections for Prey will be allowed.

Please check the order of your preferred languages in System Settings > Language & Region and make sure that English is further up in the list than German. After a restart Little Snitch should then be localized in English.

Little Snitch cannot stall certain kinds of incoming connections or data. Please see Little Snitch help, chapter “Incoming connections” for more information.

There’s a bug in macOS Ventura causing “Full Disk Access” sometimes to fail to work properly. As a result, “Full Disk Access” for the “Little Snitch Endpoint Security” system extension cannot be granted or is lost on every restart.

Until this is fixed in a newer version of macOS, you can manually resolve the issue as follows:

1. Open “System Settings”, click on “Privacy & Security”, and navigate to “Full Disk Access.”

2. Right-click the “Little Snitch Endpoint Security” item and choose “Show in Finder.”

3. With the newly opened Finder window kept open, switch back to “System Settings.”

4. Left-click the “Little Snitch Endpoint Security” item in the list to select it.

5. Remove it by clicking the (–) minus button at the bottom of the list.

6. Switch back to the Finder window displaying an item named “Little Snitch Endpoint Security” (there may be other items).

7. Select the “Little Snitch Endpoint Security” item and drag and drop it onto the “Full Disk Access” list in “System Settings.”

At least one component of Little Snitch has not been updated correctly and most likely this is related to an issue with the kernel cache. As Little Snitch consists of multiple parts (including a kernel extension) it is necessary to update the kernel cache after the installation. Updating the kernel cache might reveal issues with third-party extensions. Please try to restart the system, run the Little Snitch Installer again. If the issue persists please generate a diagnostics report and contact our tech support team.

Little Snitch by default ignores simulated keystrokes and mouse clicks to make sure that malicious software cannot change your firewall settings by simulating user interaction.

Unfortunately this also affects software that allows you to access your Mac remotely (like TeamViewer, RealVNC, etc).

If you do need remote access to Little Snitch, you have to enable the “Allow GUI Scripting access to Little Snitch” option in Little Snitch > Settings > Security.

We seek to ensure that latest version of Little Snitch is always compatible with the latest versions of macOS (typically including at least one or two of the previous major versions).

The only exception may be the period immediately after a new major macOS release, during which it may be necessary to make adjustments to Little Snitch and provide them in the form of an update.

For older versions of macOS we provide compatible downloads of previous Little Snitch versions.

→ Download the latest version of Little Snitch
→ Download previous versions of Little Snitch

Here is an overview of the latest Little Snitch versions available for each macOS Version:

macOS 15 (Sequoia)
Little Snitch 6 (current version)
Little Snitch 5.8

macOS 14 (Sonoma)
Little Snitch 6 (current version)
Little Snitch 5.7.6

macOS 13 (Ventura)
Little Snitch 5.7.6

macOS 12 (Monterey)
Little Snitch 5.7.6

macOS 11 (Big Sur)
Little Snitch 5.7.6

macOS 10.15 (Catalina)
Little Snitch 4.6.1

macOS 10.14 (Mojave)
Little Snitch 4.5.2

macOS 10.13 (High Sierra)
Little Snitch 4.5.2
Little Snitch 3.8.2

macOS 10.12 (Sierra)
Little Snitch 4.5.2
Little Snitch 3.8.2

OS X 10.11 (El Capitan)
Little Snitch 4.5.2
Little Snitch 3.8.2

OS X 10.10 (Yosemite)
Little Snitch 3.8.2

OS X 10.9 (Mavericks)
Little Snitch 3.6.4

OS X 10.8 (Mountain Lion)
Little Snitch 3.3.4
Little Snitch 2.5.4

OS X 10.7 (Lion)
Little Snitch 3.3.4
Little Snitch 2.5.4

OS X 10.6.8 (Snow Leopard)
Little Snitch 3.3.4
Little Snitch 2.5.4

OS X 10.5 (Leopard)
Little Snitch 2.5.4

OS X 10.4 (Tiger)
Little Snitch 2.5.4
Little Snitch 1.2.4

OS X 10.3 (Panther)
Little Snitch 1.2.4

OS X 10.2 (Jaguar)
Little Snitch 1.2.4

Yes, starting with version 5, Little Snitch is available as a universal binary that runs on both Apple silicon and Intel-based Mac computers.

→ Download Little Snitch

Older versions of Little Snitch can be found on this page. Please try to use the most recent version of Little Snitch that supports your operating system.

Unfortunately Apple’s regulations and submission guidelines do not allow applications like Little Snitch that operate on the system level on the iOS (iPhone, iPad, iPod touch), tvOS (Apple TV), or watchOS (Apple Watch) platforms.

Our entire team consists of longtime macOS developers and we love the Mac platform. It is therefore very unlikely that a version for a different platform will be available in the near future.

No. Little Snitch 4 is using a Network Kernel Extension to perform its network filtering. Apple has discontinued the support for this type of kernel extensions on Apple Silicon Macs.

Starting with version 5, Little Snitch is therefore using the Network Extension technology instead, which is fully compatible with Apple Silicon Macs.

Little Snitch 4 is using a Network Kernel Extension to perform its network filtering. Apple has discontinued the support for this type of kernel extensions in macOS Big Sur. The system therefore refuses to load the unsupported extension.

Starting with version 5, Little Snitch is therefore using the Network Extension technology instead, which is fully compatible with macOS Big Sur and later.

No, Little Snitch 5 cannot be used on macOS Catalina. It requires macOS Big Sur or later. If you want to use Little Snitch on Catalina, you have to install version 4 instead.

→ Download Little Snitch 4

Background

Starting with version 5, Little Snitch is therefore using Apple’s Network Extension framework, which replaces the previous kernel extension API, that is no longer supported on macOS Big Sur.