Little Snitch can basically be run in one of three modes:
- Alert Mode: For those who want to be 100% sure that nothing leaves your computer unchecked.
- Silent Mode — Allow Connections: Recommended to new users.
- Silent Mode — Deny Connections: This mode is used only for special purposes.
In Alert Mode, Little Snitch shows a connection alert for every Internet access which is not yet covered by a rule. You can decide whether to allow or deny the connection by creating a rule for it. By default, rules are created for the entire destination domain of the connection, but you can change that.
Connection alerts may be annoying, especially during the first week and when you don’t have rules for connections to Apple in place. That’s why we recommend “Silent Mode — Allow Connections” for new users, at least for the first week.
Silent Mode — Allow Connections
In “Silent Mode — Allow Connections”, Little Snitch is mostly invisible to the user. It allows all network access which is not explicitly forbidden by a rule. Since the factory rule set does not contain any deny rules, Little Snitch behaves neutral after a new installation, it does not deny anything.
So, what’s the benefit of this, you may ask. Although you don’t deny anything yet, Network Monitor records every connection that occurs. Just open Network Monitor via keyboard shortcut (ctrl+⌥+⌘+M by default) or via the status menu to see what happened so far. Network Monitor lets you create rules for these connections easily. Allow or deny to your liking, but keep in mind that some things may stop working when you deny connections. Consult the Research Assistant in Network Monitor’s Inspector in order to get more information.
You may wish to switch to Alert Mode after a week or two, when you have created allow or deny rules for all connections that occurred so far. Connection alerts will be rare because you have already created rules for the most common types of connections.
Silent Mode — Deny Connections
This mode is similar to “Silent Mode — Allow Connections” as no connection alerts will be shown, but connections not covered by an explicit allow rule are denied. This mode may be useful for a server which is known to need a specific set of connections only. Once in a while you can check for connection attempts in Network Monitor which are not (yet) covered by a rule.
Was this help page useful? Send feedback.
© 2016-2021 by Objective Development Software GmbH