Little Snitch Help

Operation modes

Basically, Little Snitch can be run in one of three modes:

Alert Mode

In Alert Mode, Little Snitch shows a connection alert for every Internet access which is not yet covered by a rule. You can decide whether to allow or deny the connection by creating a rule for it. By default, rules are created for the entire destination domain of the connection, but you can change that.

Connection alerts may be annoying, especially during the first week and when you don’t have rules for connections to Apple in place. That’s why we recommend Silent Mode — Allow Connections for new users, at least for the first week.

Silent Mode — Allow Connections

In Silent Mode — Allow Connections, Little Snitch is mostly invisible to the user. It allows all network access which is not explicitly forbidden by a rule. Since the factory rule set does not contain any Deny-rules, Little Snitch behaves neutral after a new installation, it does not deny anything.

You may ask yourself what the benefit of this is. Although you haven’t denied anything yet, Network Monitor records every connection that occurs. Just open Network Monitor via keyboard shortcut (Control-Option-Command-M by default) or via the status menu to see what has happened so far. Then you can easily create rules for these connections. Allow or deny to your liking, but keep in mind that some things may stop working when you deny connections. Consult the Research Assistant in Network Monitor’s inspector in order to get more information on this topic.

You may wish to switch to Alert Mode after a week or two, when you have created Allow- or Deny-rules for all connections that have occurred so far. From this point onward, connection alerts will be rare, because you have already created rules for the most common types of connections.

Silent Mode — Deny Connections

This mode is similar to Silent Mode — Allow Connections as no connection alerts will be shown, but connections not covered by an explicit Allow-rule are denied. This mode may be useful for a server which is known to need a specific set of connections only. Once in a while you can check for connection attempts in Network Monitor which are not (yet) covered by a rule.


Was this help page useful? Send feedback.
© 2016-2022 by Objective Development Software GmbH