Page 1 of 2

codesignature problem

Posted: Tue Jun 12, 2018 2:41 pm
by esseti
I've several app that littlesnitch is blocking due to code signature problem.
how can I get rid of this checking and relative rules? it's SUPER ANNOYING
the app are ok (one is android studio just to make an example) so i would like to use them thanks.

Re: codesignature problem

Posted: Tue Jun 12, 2018 6:17 pm
by rrrr
Updated to 4.1 (core system/kernel version 5167), and hit this problem with Cisco VPN client, had to disable little snitch since it makes VPN unusable, it requests to approve code signature for every new connection, despite it having "Code signature is ignored" label.

Re: codesignature problem

Posted: Tue Jun 12, 2018 6:48 pm
by dunham
This looks like a bug to me. I'm having the same issue with cisco vpn. It started with the 4.1 update and codesign says the signature is fine:

Code: Select all

$ codesign -vvv /opt/cisco/anyconnect/bin/vpnagentd
/opt/cisco/anyconnect/bin/vpnagentd: valid on disk
/opt/cisco/anyconnect/bin/vpnagentd: satisfies its Designated Requirement

$ file /opt/cisco/anyconnect/bin/vpnagentd
/opt/cisco/anyconnect/bin/vpnagentd: Mach-O executable i386


Maybe they broke signature checking for thin i386 (32-bit) executables when fixing CVE-2018-10470?

I'm on OSX 10.13.4.

Re: codesignature problem

Posted: Wed Jun 13, 2018 2:33 am
by JoeB
rrrr wrote:Updated to 4.1 (core system/kernel version 5167), and hit this problem with Cisco VPN client, had to disable little snitch since it makes VPN unusable, it requests to approve code signature for every new connection, despite it having "Code signature is ignored" label.



It's not restricted to cisco vpn, it's an issue with Pulse Secure as well.

There are several UI issues, regardless of the actual code signature mismatch detection:

1. the ignore code signature button doesn't function as designed.
2. the popup is not able to access the "modify existing rule".
3. the popup is not able to be moved to a secondary screen.

Also tested on OSX 10.11.6

Re: codesignature problem

Posted: Wed Jun 13, 2018 10:34 am
by esseti
how do you disable code signature checks?

Re: codesignature problem

Posted: Wed Jun 13, 2018 4:42 pm
by user425890uhh
Just updated to Little Snitch 4.1. I'm running it on macOS 10.13.5. Add me to the list of those experiencing this issue.

Little Snitch reports the Cisco AnyConnect application as having an invalid code signature while macOS reports that the code signature is valid. Specifically, Little Snitch complains that the certificate is untrusted. Is Little Snitch using a different list of CAs than the OS uses?

Regardless, I hope this gets fixed soon. VPN via AnyConnect is a hard business requirement for me so I'll have to disable Little Snitch until this gets resolved.

Re: codesignature problem

Posted: Wed Jun 13, 2018 5:10 pm
by bluloo
Just updated to 4.1 Seeing a code signature warning for Netsession (Akamai). Also produces a Little Snitch Agent crash at the same time as well.

Based on other similar reports here, it does seem like a bug

Re: codesignature problem

Posted: Wed Jun 13, 2018 5:31 pm
by joemamasmac
I am in the same boat. Citrix Receiver is having the same issue, and I keep getting the notification over and over to ignore code signatures. Even when trying to ignore it, it pops up over and over.

Re: codesignature problem

Posted: Wed Jun 13, 2018 7:04 pm
by RockGrumbler
I have experienced this bug as well. In the initial warning I choose to ignore and nothing happens. I found a work around by using the link at the top of the dialogue window that exposes the rule. This brings up the rule in the configuration app. Then I chose to edit the rule, change nothing, and hit OK. After this I am prompted with a question to ignore code signatures. When I agree at this point, it seems to take effect and the problem is resolved, or at least the code signature is ignored. I'm on OS X 10.13 and using a Cisco VPN client.

Re: codesignature problem

Posted: Wed Jun 13, 2018 8:00 pm
by flynnoeh
Add me to the list. Same issues with Cisco AnyConnect (4.5.03040) and Citrix Receiver (12.9.0) on two MBPs, macOS 10.13.5, Little Snitch 4.1.

Re: codesignature problem

Posted: Wed Jun 13, 2018 8:59 pm
by nochum
Please add me to the list of users experiencing the issue. I had to disable the network filter since I do all of my work over the Cisco AnyConnect VPN.

Re: codesignature problem

Posted: Thu Jun 14, 2018 5:04 am
by littleratlover
I am seeing code signature alerts for an app (a file synchronization app) that had no problems previous to version 4.1. The alert dialog does seem dysfunctional (it is also huge and can't be dismissed easily). I poked around a bit with various rules and managed to allow the app to run but I did not document (nor do I remember) what I did. This was for local network connections. I am also seeing concurrent LS Agent crash reports. This is on 10.11.6.

Re: codesignature problem

Posted: Thu Jun 14, 2018 5:29 am
by flynnoeh
flynnoeh wrote:Add me to the list. Same issues with Cisco AnyConnect (4.5.03040) and Citrix Receiver (12.9.0) on two MBPs, macOS 10.13.5, Little Snitch 4.1.


Just to note that I tried the June 11 2018 4.1 nightly (5165) to no avail.

Re: codesignature problem

Posted: Thu Jun 14, 2018 8:35 am
by esseti
RockGrumbler wrote:I have experienced this bug as well. In the initial warning I choose to ignore and nothing happens. I found a work around by using the link at the top of the dialogue window that exposes the rule. This brings up the rule in the configuration app. Then I chose to edit the rule, change nothing, and hit OK. After this I am prompted with a question to ignore code signatures. When I agree at this point, it seems to take effect and the problem is resolved, or at least the code signature is ignored. I'm on OS X 10.13 and using a Cisco VPN client.


this workaround actually works.

- edit the rules and do nothing
- edit the rules and uncheck " code signature checking"
- disable the bloking rule

at least now something works, let's see how long it last

Re: codesignature problem

Posted: Thu Jun 14, 2018 2:08 pm
by user425890uhh
esseti wrote:
RockGrumbler wrote:I have experienced this bug as well. In the initial warning I choose to ignore and nothing happens. I found a work around by using the link at the top of the dialogue window that exposes the rule. This brings up the rule in the configuration app. Then I chose to edit the rule, change nothing, and hit OK. After this I am prompted with a question to ignore code signatures. When I agree at this point, it seems to take effect and the problem is resolved, or at least the code signature is ignored. I'm on OS X 10.13 and using a Cisco VPN client.


this workaround actually works.

- edit the rules and do nothing
- edit the rules and uncheck " code signature checking"
- disable the bloking rule

at least now something works, let's see how long it last


The check box and text to disable code signature checking for my AnyConnect rules is grayed out. I'm unable to disable code signature checking for those rules. :(