Please visit the Little Snitch Support page and enter your email address to retrieve your lost license key. Little Snitch Support > Lost License
Please visit the Little Snitch Support page and enter your email address to retrieve your lost license key. Little Snitch Support > Lost License
Little Snitch license keys can be distinguished by their first two characters:
Little Snitch 5 license keys begin with “35…”
Little Snitch 4 license keys begin with “34…”.
If the license was purchased after November 1, 2019, it’s also valid for version 5.
Little Snitch 3 license keys begin with “33…”
Delivering of the license key may take up to 15 minutes. Please also make sure the email is not in your spam folder. If you still did not receive the license key please contact our sales support team.
If you have purchased Little Snitch after November 1, 2019, you can already use that license to register Little Snitch 5 (no upgrade purchase required).
If you have purchased Little Snitch 4 before that date, you can get the upgrade at a reduced price.
A single license is valid for all your machines as long as you are the only user.
Of course! A family license is valid for up to five computers, used by people living in the same household.
The number of required seats is either the number of computers or the number of persons using these computers — whichever number is lower. For example, an office with five employees and eight computers would need a 5-seat license to use Little Snitch on all computers.
Assuming you’ve downloaded the Little Snitch Disk Image (.dmg file) to your Downloads folder, open a new Terminal window and enter the following command to verify the cryptographic signature of the downloaded file:
codesign --verify -R="anchor apple generic and certificate leaf[subject.OU] = MLZF7K7B5R" ~/Downloads/LittleSnitch*.dmg
If the result of this command is empty (no error message is shown), the file is intact and properly signed by Objective Development.
However, if an error message is shown (like “not signed at all” or “failed to satisfy specified code requirement(s)”), this indicates that the file was maliciously modified and is no longer signed by Objective Development. In that case you should NOT open the disk image file.
No, that’s not necessary and also not recommended (because this also removes your registration information).
However, your installed Little Snitch 4 version will then no longer be loaded on macOS Big Sur and must be upgraded to Little Snitch 5.
When you upgrade to Little Snitch 5, the existing, outdated installation will be automatically removed (this requires a restart of the computer for one last time).
Your existing rules and settings from Little Snitch 4 will be preserved.
Yes, your existing rules from Little Snitch 4 will be preserved.
Little Snitch 4 should not be uninstalled prior to upgrading to macOS Big Sur to preserve your rules and your registration information.
Please visit our High Sierra Compatibility page for information about installing and running Little Snitch 4 on macOS High Sierra.
Little Snitch consists of multiple components. It is therefore essential to run the Little Snitch Uninstaller to make sure all components are removed from your system. Little Snitch automatically starts the uninstaller as soon as you move the Little Snitch Configuration application to the trash. Alternatively you can start the uninstaller manually from /Library/Little Snitch/Little Snitch Uninstaller.app.
The uninstaller lets you choose whether to remove or preserve user specific data (like rules and settings). If you want to remove those items manually, delete the following files and folders (the “~” tilde sign refers to your home folder):
/Library/Application Support/Objective Development/Little Snitch/
~/Library/Application Support/Little Snitch/
Just move the Little Snitch application in Finder from your Applications folder to the trash.
This will completely remove all components of Little Snitch, including all its system extensions and helper tools.
IMPORTANT: Do not remove the Little Snitch app by any other means (like Terminal or some third party app-removal tool) because otherwise macOS won’t remove the Little Snitch system extension!
Your configuration data (which is stored at
/Library/Application Support/Objective Development/Little Snitch) will not be deleted. So if you decide to reinstall Little Snitch at a later point, your rules and preferences will still be in place.
Yes. Please retrieve one of the following files from your backup:
Complete Ruleset: /Library/Application Support/Objective Development/Little Snitch/configuration.xpl
You can then restore your rule from that file via Little Snitch Configuration > File > Restore from Backup.
Starting with macOS 10.12 Sierra it’s possible to arrange third-party menu bar icons via Command-drag (hold down the Command key and drag the item to the desired position).
In previous OS versions, third-party menu bar icons are at fixed positions and can’t be moved. Third-party tools like Bartender make it possible to arrange the items also in OS versions before 10.12 but for security reasons Little Snitch can not be used with such tools.
If you just want to save space in your menu bar you can simply turn off Little Snitch’s menu bar icon. The functions in it can also be accessed in the Little Snitch Configuration application’s preferences and you can open the Network Monitor window also via a configurable keyboard shortcut.
Open Little Snitch Configuration and choose File > Create Backup from the menu. This will create a backup file at the location of your choice. You can restore your rules from that file later via File > Restore from Backup.
By default, local network traffic is hidden in Little Snitch Network Monitor. If you want to see this traffic as well, you just have to enable “Show Local Network” in the Little Snitch Network Monitor menu.
This is a technical limitation of Apple Maps, the service that we are using for showing the map in Network Monitor. Apple’s Maps.app has the same limitation and doesn’t let you zoom out far enough to see a map of the whole world at once.
Open the Little Snitch application from your Applications folder, open Preferences > General and click the Stop button to turn off the Network Filter. Any network traffic will then be allowed, such as if Little Snitch wasn’t installed at all. If you are using the Little Snitch menu bar icon, you can also stop the filter by choosing “Stop Network Filter” from the menu.
Since version 3 Little Snitch can also handle and filter incoming connections. They are labeled with this icon:
No, sorry, this is currently not possible.
When one of the following apps is started while the Little Snitch Network Extension is active, macOS Big Sur 11.0.1 may freeze and restart with a kernel panic. Most of these panics were fixed on Big Sur 11.1, but not all.
Wine (Windows emulator) and apps based on Wine.
Plex Media Server.
macports (during package list update). This panic may still happen on Big Sur 11.1.
The panic seems to be triggered by a broadcast message. The panic log reads like this:
These panics are a bug in kernel of the operating system and can only be fixed by Apple.
In the meantime, until Apple has fixed the problem, you may want to downgrade to Little Snitch 4.6. See this FAQ for instructions how to make Little Snitch 4.6 run on macOS Big Sur.
There is a bug in macOS Big Sur 11.0.1 where VPNs of type Cisco IPSec won’t work when a Network Extension is installed. This affects Little Snitch 5 (not older versions!) and many other products based on Network Extensions. The VPN will connect successfully, but no data is transferred.
The bug has been reported to Apple and will be fixed in macOS 11.1.
If you rely on this type of VPN, please consider installing Little Snitch 4.6, which is based on a Network Kernel Extension and is therefore not affected.
See this FAQ for instructions how to make Little Snitch 4.6 run on macOS Big Sur.
There are several possible causes for such behavior of Little Snitch.
First of all you really need to make sure that you have set the lifetime for the rule to “Forever“ when creating it (as opposed to “Once“, or “Until Quit“ etc.)
Then it’s also necessary that the path of the application (where it resides on your disk) remains unchanged. If you move an app to a different folder, the rules you created earlier for this app will cease to match.
Unfortunately the path of an application can also change without your explicit doing. If the path displayed in Little Snitch’s Network Alert contains parts like /private/var, it’s likely that the issue is related to the “Gatekeeper” functionality of macOS. See this blog post for further details.
Make sure to use a keyboard that’s directly connected to your computer (cable or Bluetooth). Changing the settings or entering the license key via any kind of remote access (e.g. Screen Sharing) will not work with the default security settings of Little Snitch.
Please check the order of your preferred languages in System Preferences > Language & Region and make sure that English is further up in the list than German. After a restart Little Snitch should then be localized in English.
Valid license keys for Little Snitch 4 start with “34…”, keys for version 3 start with “33…”. They are about 25 characters long.
When entering the license key, please copy and paste the key to avoid typos. If it still does not work, please contact our sales support team.
Little Snitch consists of multiple parts, some of them operating at a low level of the operating system, called the kernel. Little Snitch needs to trigger an update of kernel caches and requires a reboot during installation. Under rare circumstance this kernel cache update might fail, which may prevent your computer from starting.
If this happens during the installation of Little Snitch on your computer, please start it in safe mode by holding the Shift key (⇧) (you can find more information about safe mode here). If you are using OS X Yosemite or earlier, please repair your disk permissions using Disk Utilities.app (for detailed instructions see How & Why to repair disk permissions in OS X). As second step, start the Little Snitch Installer once again and perform a restart as instructed.
Usually this solves the issue. If you are still unable to start your computer, please get in touch with our tech support team.
Whenever Little Snitch blocks a particular connection, this is indicated in realtime in Little Snitch Network Monitor by a red flashing of that connection. You can right-click on such a connection and choose “Show Corresponding Rule” from the context menu to open the Little Snitch rules window and focus on the rule that’s responsible for this connection being denied.
At least one component of Little Snitch has not been updated correctly and most likely this is related to an issue with the kernel cache. As Little Snitch consists of multiple parts (including a kernel extension) it is necessary to update the kernel cache after the installation. Updating the kernel cache might reveal issues with third-party extensions. Please try to restart the system, run the Little Snitch Installer again. If the issue persists please generate a diagnostics report and contact our tech support team.
Little Snitch ignores simulated keystrokes and mouse clicks to make sure that malicious software cannot change your firewall settings by simulating user interaction.
Unfortunately this also affects software that allows you to access your Mac remotely (like TeamViewer, RealVNC, etc).
If you do need remote access Little Snitch, you have to enable the “Allow GUI Scripting access to Little Snitch” option in Little Snitch Configuration > Preferences > Security.
Prey is installed under a separate user account (user: ‘prey’) on the system. In order to access its Little Snitch rules you have to open the Little Snitch Configuration as the user ‘prey’ by entering the following Terminal command (/Applications/Utilities/Terminal.app) and pressing Return:
sudo -u prey /Applications/Little\ Snitch\ Configuration.app/Contents/MacOS/Little\ Snitch\ Configuration
After entering your admin password when prompted, you should be able to see the Little Snitch Configuration window with one or more rule suggestion(s) for the Prey process named “node“ in the Suggestions > “Login Connections“ category. Select one of the rules and click on the “More“ button at the top right of the suggestions list. In the appearing popup menu choose “Allow any connection“. After closing the Little Snitch Configuration and restarting your system, all connections for Prey will be allowed.
Little Snitch cannot stall certain kinds of incoming connections or data. Please see Little Snitch help, chapter “Incoming connections” for more information.
To make sure you don’t miss any new versions that contain the latest bug fixes and improvements, you cannot disable these checks. This is critical because prerelease versions are not considered stable and still need testing before we’re confident in releasing them to all users.
If you want to downgrade from a prerelease version to the latest stable version, you can do so by downloading it from the website.
This is due to a limitation in Apple’s Network Extension API, which surprisingly whitelists a number of system services like Maps, FaceTime, App Store or Software Update and therefore doesn’t report the network activity of these services to third-party application firewalls.
The use of this new API is now mandatory for third-party developers on macOS Big Sur, because Apple no longer supports the previous kernel extension based approach, which didn’t suffer from this limitation.
We’ve been investigating a solution in Little Snitch to make these whitelisted connections visible by means of alternative techniques. This solution is already available in our latest nightly build of Little Snitch 5.1.
There’s an ongoing discussion about this problem in various online media, and we assume that Apple will address these concerns in a future macOS update. See our blog article to learn more about this topic.
UPDATE: This issue will will be resolved in macOS Big Sur 11.2 (which is currently in beta). Apple has removed this whitelist completely, allowing third-party firewalls like Little Snitch to reliably monitor and filter any network traffic.
Up until macOS 11.1 the whitelist inlcudes the following macOS processes:
When a process attempts to connect to a particular IP address, Little Snitch uses a heuristics (based on previous DNS lookups, Deep Packet Inspection and more) to determine the corresponding hostname for that IP address to figure out which of your filter rules shall be applied.
In some rare cases this approach may be unable to find a unique hostname match for a given address. The connection alert will then only show the IP address for that connection, often together with a list of possible hostnames which all resolve to that same address.
Some users are experiencing very high memory usage (up to several GB of RAM) in some components of Little Snitch (Network Extension, Network Monitor, Endpoint Security). We are currently investigating the cause of this problem.
If you do experience this issue, please quit the affected process via Activity Monitor.
Note that quitting the Network Extension may cause some subsequent connection alerts to show only the connection’s IP address instead of the hostname.
Yes, Little Snitch 5 is available as a universal binary that runs on both Apple silicon and Intel-based Mac computers.
Yes, Little Snitch 4.4 up to version 4.6 is compatible with macOS 10.15 Catalina.
Little Snitch 5 requires macOS 11 Big Sur and therefore can not be installed on macOS Catalina.
Little Snitch 4.5.2 is the latest version compatible with macOS 10.14 Mojave.
Little Snitch 3.8.2 is the latest versions compatible with OS X 10.10 Yosemite.
Little Snitch 3.6.4 is the latest versions compatible with OS X 10.9 Mavericks.
Little Snitch 3.3.4 is the latest version compatible with OS X 10.8 Mountain Lion.
Little Snitch 3.3.4 is the latest version compatible with OS X 10.7 Lion.
Little Snitch 3.3.4 is the latest version compatible with OS X 10.6 Snow Leopard.
Legacy versions of Little Snitch provide support back to OS X 10.2 Jaguar.
Older versions of Little Snitch can be found on this page. Please try to use the most recent version of Little Snitch that supports your operating system.
Unfortunately Apple’s regulations and submission guidelines do not allow applications like Little Snitch that operate on the system level on the iOS (iPhone, iPad, iPod touch), tvOS (Apple TV), or watchOS (Apple Watch) platforms.
Our entire team consists of longtime macOS developers and we love the Mac platform. It is therefore very unlikely that a version for a different platform will be available in the near future.
Only partially. The NVIDIA Web Drivers (as opposed to the original drivers provided by Apple) need to inject program code into running apps and Little Snitch (as some other apps like iBooks) do not allow that for security reasons. Therefore the Little Snitch Network Monitor can not show its inspector and map view.
Starting with macOS 10.15.4 the above “Legacy System Extension” message is shown when Little Snitch is installed.
Yes. The latest version 5 of Little Snitch is fully compatible with macOS 11 Big Sur. → Learn more…
If you have purchased a Little Snitch license after November 1, 2019, this license can also be used to register Little Snitch 5. If you purchased Little Snitch 4 before that date, you can get the upgrade at a reduced price.
Little Snitch 4 will not be loaded on macOS 11 Big Sur by default, but for the time being there’s an option to manually override this system default.
No, Little Snitch 5 cannot be used on macOS Catalina. It requires macOS Big Sur or later. If you want to use Little Snitch on Catalina, you have to install version 4 instead.
Little Snitch 5 is based on Apple’s Network Extension framework, which replaces the previous kernel extension API, that is no longer supported on macOS Big Sur.
This framework is quite new. Although it already exists on macOS Catalina, some of the API that Little Snitch relies on was added to this framework only with the latest Catalina updates, still containing some bugs that have only been addressed in macOS Big Sur.
Little Snitch 4 is using a Network Kernel Extension to perform its network filtering. Apple has discontinued the support for this type of kernel extensions in macOS Big Sur. The system therefore refuses to load the unsupported extension.
Little Snitch 5 has been updated to the new Network Extension technology instead, which is fully compatible with macOS Big Sur.
For the time being, it is still possible to circumvent this limitation by modifying the system configuration of macOS Big Sur. Learn more…
No. Little Snitch 4 is using a Network Kernel Extension to perform its network filtering. Apple has discontinued the support for this type of kernel extensions on Apple Silicon Macs.
Little Snitch 5 has been updated to the new Network Extension technology instead, which is fully compatible with Apple Silicon Macs.
Enter the email address from your order and we’ll resend your license key.