Upgrade from Little Snitch 3

If you have been using Little Snitch 3 before, you will soon feel comfortable with the new version because the basic concepts are the same. However, there are some subtle changes.

What’s different?

Silent Mode

Silent Mode, which was a feature of Little Snitch Configuration, is now implemented in Network Monitor. This has the consequence that Silent Mode becomes almost useless if you don’t have Network Monitor active.

Silent Mode is now recommended for new users during the first week because it saves annoying alerts and rules can be selectively created at process, domain or host level.

Connection alert with less details

Our default settings now suppress port and protocol information in the connection alert. We think that the decision whether to allow or deny a connection should be based primarily on how much you trust the developer of the process and the owner of the remote computer. We therefore focus on process name and remote domain name.

If you want back the old behavior, change the Alert Preferences.

Rules are created effective In all profiles

The connection alert does not create new rules in the current profile any more, it creates them effective in all profiles by default. There’s now a new option in the alert, the Profile Button, which lets you choose to create the rule in the current profile. You can even change the default for this button in the Alert Preferences.

Rules in profiles do not have increased priority

In Little Snitch 3, rules in profiles had higher priority than all the rules effective in all profiles. This behavior made special profiles such as a “Deny Everything” profile possible, but it led to confusion as a rule’s behavior changed when it was moved to a profile.

In Little Snitch 4, increased priority can be assigned independent of profiles. Right-click the rule in Little Snitch Configuration and choose Increase Priority. We still recommend that you avoid priority rules effective in all profiles, but at least not all rules in profiles need to be prioritized.

Server names are always unique

Little Snitch 4 is much better in determining the correct server name. Consequently, it always uses a single name or no name at all. This solves problems where denying an ad-server also blocked legitimate content served from the same Internet address.

Network Monitor shows connections in three level hierarchy

In the Connection List, there is now an intermediate level when showing connection details for a process: Servers are grouped by domain. This makes the second disclosure level clearer and the domain is often all you want to know.

Light design

Network Monitor’s design is now light by default, not dark as in Little Snitch 3. If you are used to the dark design and don't want to miss it, choose View > Appearance > Dark in Network Monitor’s main menu. This option is only available until macOS High Sierra (10.13), because starting with Mojave (10.14) you can just switch your whole system to dark mode.

Network Monitor has a Dock icon

While Network Monitor has any windows open, it shows a Dock icon, has a menu bar at the top of the screen and can be selected when using the command+tab shortcut. The Dock icon is hidden again when you close the last window.

What’s new?

Rule Management in Network Monitor

The new Network Monitor has Rule Management built into the Connection List. This is the most convenient way to create rules for all of your connections, although it is not possible to create rules for Any Process or rules matching only a particular port or protocol.

Try it! Just one click to make a rule! And seeing all connections made so far, it’s easy to decide whether to create a server-, domain- or any-connection-rule.

New Map View

Network Monitor has a Map View, showing connections with their endpoints at their geographic locations. Locations are derived from Internet addresses.

Connection alert can be minimized

If the connection alert interrupts you in the middle of your work and your work does not depend on the connection, you can postpone your response and minimize the alert.

Research Assistant in all components

You probably know the Research Assistant from the connection alert in Little Snitch 3. It is now available in Network Monitor and Little Snitch Configuration as well.

Process identity checks

Little Snitch rules are now protected against process path spoofs. If malware replaces a process with a malicious one, rules for the original process will no longer be effective. See Process identity checks for details.

New module for Research Assistant

Information displayed in the Research Assistant can now be shipped with every application as an Internet Access Policy. Application developers should know best what a particular connection is good for.

Profiles can switch operation mode

When a profile is activated, it can change the operation mode.