Which processes to allow, and not allow?

General discussions about Little Snitch
winebug
Posts: 2
Joined: Fri Nov 06, 2015 9:52 am

Which processes to allow, and not allow?

Postby winebug » Fri Nov 06, 2015 10:20 am

Just moved from Mavericks to El Capitan, imported my old LS rules and received a plethora of connection alerts, so I came back to LS standard rules at install, to see there are still plenty of connection alerts. Can anyone help decipher what these are for and what they do?

akd
AssetCacheLocatorService.xpc
cloudd
com.apple.geod.xpc
nsurlsessiond
UserEventAgent

Also, I noticed descriptions on some locked LS rules which I would prefer to be denied, if I deny them, do they affect other OSX services?

assistantd - help: This rule is necessary if you want to use Apple’s dictation services. (I don't want to dictate anything to my mac, or for it to capture noise from the mic whenever it feels like it).

automount - help: Automount is responsible for on-demand mounting of remote file systems. This rule enables automount to access file servers outside your local network. (I want to choose when to mount stuff rather then the system automatically mounting stuff without my intervention)

helpd - help: helpd downloads dynamic content for Apple's HelpViewer. If you disable this rule, HelpViewer search won't work. (I don't need/want apple help)

IMRemoteURLConnectionAgent - help: IMRemoteURLConnectionAgent.xpc is part of Apple’s messaging/chat services. (I don't want apple chat or messages or facetime)

Little Snitch Agent - why does little snitch need to connect to Apple, or to phone home to obdev?

mount_nfs & mount_url - Other then icloud drive, I much prefer to mount stuff manually whenever I need to, not whenever the system feels like it. Can this be disabled without harming icloud drive.

rsblanchard
Rank 3
Rank 3
Posts: 100
Joined: Mon Jul 02, 2007 9:25 am

Re: Which processes to allow, and not allow?

Postby rsblanchard » Sun Nov 08, 2015 12:40 am

In the ruleset of L.S., you should be able to un-check any "locked"-rule, and create your own rule(s), in place-of-them .

Midville
Posts: 9
Joined: Fri May 15, 2009 11:04 am

Re: Which processes to allow, and not allow?

Postby Midville » Tue Dec 08, 2015 3:47 am

I'd like to second the OP's request. I'm a Mavericks user who just bought a new Mac running El Capitan. I tried installing LS 3.6.1 on it and was surprised by the number of alerts I received. It seems that LS 3.6, though said to be ready for El Capitan, isn't keeping up in the rules department.

bebeo
Posts: 2
Joined: Mon Dec 14, 2015 8:42 am

Re: Which processes to allow, and not allow?

Postby bebeo » Mon Dec 14, 2015 8:47 am

I just installed a fresh copy on a new installation of OS X 10.11.2
I cannot handle all the authorization requests. I cannot know what all these connection requests are. :cry:
I don't want to add them as permanent rules without know what I'm doing. Very confused. Never saw this happen with earlier installations.

winebug
Posts: 2
Joined: Fri Nov 06, 2015 9:52 am

Re: Which processes to allow, and not allow?

Postby winebug » Mon Dec 14, 2015 11:30 am

It kind of cripples little snitch not knowing what all those processes are, what they do and why they need to connect. Is Little Snitch no longer a snitch but a collaborator? :(

hagen
Wizard
Wizard
Posts: 588
Joined: Mon Feb 18, 2008 11:05 pm

Re: Which processes to allow, and not allow?

Postby hagen » Tue Dec 15, 2015 9:47 am

winebug wrote:It kind of cripples little snitch not knowing what all those processes are, what they do and why they need to connect. Is Little Snitch no longer a snitch but a collaborator? :(

This is a user forum. You can look up these things as easily as we can. https://duckduckgo.com/

Try these for starters:
http://triviaware.com/macprocess/all
http://triviaware.com/macprocess/id/16004
http://triviaware.com/macprocess/id/13696
http://triviaware.com/macprocess/id/11519

bebeo
Posts: 2
Joined: Mon Dec 14, 2015 8:42 am

Re: Which processes to allow, and not allow?

Postby bebeo » Fri Dec 18, 2015 7:17 am

Well, here's a tip.
Since you can look them up so easily, why don't you do so, and then white list them as a "Little Snitch Basic" or a "Getting Started" type of configuration setting (like it was in earlier versions).
Seems like that would be pretty useful to your customers; and would build a lot of good will.
You are supposed to be the "experts" in this field. That's why we pay you for your product.

hagen
Wizard
Wizard
Posts: 588
Joined: Mon Feb 18, 2008 11:05 pm

Re: Which processes to allow, and not allow?

Postby hagen » Fri Dec 18, 2015 7:25 pm

OK, except there's nobody here but us customers. No one here is being paid. See Forum Rules and Guidelines, top of the main page.

stanley
Rank 1
Rank 1
Posts: 26
Joined: Mon Jun 18, 2007 6:14 am

Re: Which processes to allow, and not allow?

Postby stanley » Fri Dec 16, 2016 7:46 am

Could OBDev publish in their website list of all processes with all the information LS Research Assistant shows?

What is most complete and uptodate process list in internet, which tells what these processes are?

I know these lists but all processes don't have explanations:

http://triviaware.com/macprocess/all
http://macinside.info/browse.php
http://tedwise.com/osx-processes/


Kenneth
Posts: 3
Joined: Sun Jan 29, 2017 6:18 pm

Re: Which processes to allow, and not allow?

Postby Kenneth » Sun Jan 29, 2017 6:59 pm

Using the demo I am very impressed with Little Snitch's display of what seems to be every byte flying in and out of my computer. But, like many others here, the only things that look suspicious to me are those that clearly identify as a tracker or advertisement. Stanley and Hagen were kind enough to suggest we could do a web search for a list and offered some links, but Little Snitch should already "know" commonly recognized names of "definite", "probable" and "possible" intruders, update it regularly, and offer the option to automatically block or alert the user of their presence. Or... offer that option as a paid add-on. (I would pay it.) Maybe something like that is already available, but I haven't come across it yet.

hummingdrone
Posts: 11
Joined: Fri Jan 06, 2017 6:04 pm

Re: Which processes to allow, and not allow?

Postby hummingdrone » Mon Jan 30, 2017 3:14 pm

I discovered Little Snitch when I was on a quest to reduce online tracking.

To set up Little Snitch it took two weeks of:
- Just a whole lot of searching online. For that In the first week I used another browser that I hadn't locked down as much as I had locked down Chrome, which was my main goal.
- trial and error. When still in doubt after the googling, make it a temporary rule first. In the worst case scenario you just restart your computer. but I personally didn't run into any problems. If I had blocked too much, I could always just unblock it.
- Knowledge of some nerdy things is useful, I'll admit. What a port is and what some common harmless ones are (25,80,443). The difference between TCP and UDP (TCP is most used, UDP is for streaming), and how what apps should be logicaly be allowed to connect to the local network (netbios for example), but have no logical reason to talk to the wider internet.

See it as a journey of discovery into the jungle that is your laptop's inner working.


TWO DOMAINS
I split my thinking into two domains:
- When it comes to all the (background) applications on my computer, I'm quite forgiving. Googling a lot helped me learn what all the applications were and what they did. Something tried to connect to "pancake.apple.com" for example, made me laugh. I totally blocked the GEOD app, which tries to determine your location. I don't use of want that, so I blocked it.
- I am most fascinated by seeing all the things websites try to connect to. I now user Chrome for most browsing, and Firefox for logging into social media like Linked-In, Facebook and the like, which I do rarely. This allowed me to block anything related to Facebook/Linked-in/Twitter on my normal browser.

COMPANION APPS
In order to not go crazy with requests from my browser, I also did some other things to block outgoing requests:
- I installed browserplugins uBlock and uMatrix. uBlock filers knows offenders. And uMatrix is like HandsOff, but only for inside your browser. I also still have ScriptSafe and Privacy Badger installed, although they overlap a little now in functionality. The fun thing is that a tool like HandsOff really shows you that these browser plugins are doing their work.
- I also modified my 'hosts file'. It's like an oldschool superbasic way of blocking out going connections, and exactly the thing that things like Little Snitch and HandsOff turn up to 11. You can find lists of dubious websites online (someonewhocares.org/hosts), and by copy-pasting that into your hosts file, you block them at the root. It's yet another layer of blocking.

OTHER WAYS TO REDUCE TRACKING
I also did some other things to reduce tracking (by Google specifically)
- I switched to using Qwant as my search engine. It's awesome!
- I have a Synology NAS at home, and started using that as my calendar and contacts server instead of Google. The DavDroid app syncs that with my phone when I am connected to the home wifi. Calendar and Addressbook on my mac were even easier to set up.
- I didn't use Pi-Hole, but it's an interesting way to block advertising for your entire network in one swoop.

To reduce tracking in the real world:
- The WifiToggle app turns off my Wifi when I leave the house (and back on again when I return), based on the GSM signals it detects.

OVERKILL?
Because I work in the field of privacy this has been relevant research. it might be overkill for you :D

In any case, my experiment to reduce my depence on Google has been surprisingly painless.

I did switch to HandsOff instead of Little Snitch though. I didn't want to, Little Snitch has a more polished user interface. But it didn't seem to offer me the ability to block based on DSN resolving, which I needed to have more finegrained control towards Google's services.

hagen
Wizard
Wizard
Posts: 588
Joined: Mon Feb 18, 2008 11:05 pm

Re: Which processes to allow, and not allow?

Postby hagen » Wed Feb 01, 2017 11:42 pm

Here's a related thread, with some useful information:

viewtopic.php?f=1&t=10646


Return to “Little Snitch General”

Who is online

Users browsing this forum: Bing [Bot] and 3 guests