Rule suggestions

In some cases, Little Snitch automatically creates a rule for you, e.g. if you have selected Alert Mode but it was impossible to show an alert. These rules are often temporary rules. They are usually already expired when you open Little Snitch Configuration, but they contain valuable information about connections which were automatically allowed or denied and you might want to turn them into permanent rules. Little Snitch therefore preserves these expired rules as rule templates for you. They are available in the Suggestions section of Little Snitch Configuration.

Rules which require your attention, e.g. because they are invalid or redundant are also listed under Suggestions.

Suggestions Section

Types of suggestions

Expired temporary rules created by you. Instead of deleting these rules, Little Snitch lists them as suggestions because you may want to turn some of them into permanent rules.
Temporary rules for connections which occurred before you logged in to your computer. Little Snitch denied these connections, short of a possibility to ask.
Redundant Rules. You may want to delete them.
Rules with unnecessary priority. You may want to lower the priority.
Temporary rules that were automatically created after an alert timeout. Alert timeouts are off by default and can be enabled in Preferences > Alert > “Confirm connection alert automatically”.
Temporary deny rules which were created automatically while an application captured the entire screen (like game often do) and Little Snitch could not show a connection alert. You probably won’t see the suggestion before the rule has expired.
Temporary deny rules for incoming UDP and ICMP packets. Since it is not possible to show a connection alert for incoming UDP and ICMP packets for technical reasons, they are immediately denied and a notification is shown in the system’s Notification Center.
Rules which do not check the process identity or match untrusted processes. Consider enabling the check for these rules.
Rules that were created to prevent further network communication in case of a failed process identity check.
Automatically created “localnet” rules for untrusted processes. You should review these rules and decide whether the process is legitimate and whether you want to allow or deny access. This automatism can be disabled in Preferences > Security > “Ignore code signature for connections to local network”.
Rules for connections which occurred during Permissive Mode. If you restart your computer in permissive mode, Little Snitch automatically creates rules for all connections that occur before you log in. You should review them and decide whether they are necessary to allow you to log in.