codesignature problem

General discussions about Little Snitch
esseti
Posts: 6
Joined: Thu Apr 26, 2018 12:29 pm

codesignature problem

Postby esseti » Tue Jun 12, 2018 2:41 pm

I've several app that littlesnitch is blocking due to code signature problem.
how can I get rid of this checking and relative rules? it's SUPER ANNOYING
the app are ok (one is android studio just to make an example) so i would like to use them thanks.

rrrr
Posts: 1
Joined: Tue Jun 12, 2018 6:12 pm

Re: codesignature problem

Postby rrrr » Tue Jun 12, 2018 6:17 pm

Updated to 4.1 (core system/kernel version 5167), and hit this problem with Cisco VPN client, had to disable little snitch since it makes VPN unusable, it requests to approve code signature for every new connection, despite it having "Code signature is ignored" label.

dunham
Posts: 2
Joined: Tue Jun 12, 2018 6:39 pm

Re: codesignature problem

Postby dunham » Tue Jun 12, 2018 6:48 pm

This looks like a bug to me. I'm having the same issue with cisco vpn. It started with the 4.1 update and codesign says the signature is fine:

Code: Select all

$ codesign -vvv /opt/cisco/anyconnect/bin/vpnagentd
/opt/cisco/anyconnect/bin/vpnagentd: valid on disk
/opt/cisco/anyconnect/bin/vpnagentd: satisfies its Designated Requirement

$ file /opt/cisco/anyconnect/bin/vpnagentd
/opt/cisco/anyconnect/bin/vpnagentd: Mach-O executable i386


Maybe they broke signature checking for thin i386 (32-bit) executables when fixing CVE-2018-10470?

I'm on OSX 10.13.4.

JoeB
Posts: 1
Joined: Wed Jun 13, 2018 2:24 am

Re: codesignature problem

Postby JoeB » Wed Jun 13, 2018 2:33 am

rrrr wrote:Updated to 4.1 (core system/kernel version 5167), and hit this problem with Cisco VPN client, had to disable little snitch since it makes VPN unusable, it requests to approve code signature for every new connection, despite it having "Code signature is ignored" label.



It's not restricted to cisco vpn, it's an issue with Pulse Secure as well.

There are several UI issues, regardless of the actual code signature mismatch detection:

1. the ignore code signature button doesn't function as designed.
2. the popup is not able to access the "modify existing rule".
3. the popup is not able to be moved to a secondary screen.

Also tested on OSX 10.11.6

esseti
Posts: 6
Joined: Thu Apr 26, 2018 12:29 pm

Re: codesignature problem

Postby esseti » Wed Jun 13, 2018 10:34 am

how do you disable code signature checks?

user425890uhh
Posts: 3
Joined: Thu Sep 07, 2017 5:01 pm

Re: codesignature problem

Postby user425890uhh » Wed Jun 13, 2018 4:42 pm

Just updated to Little Snitch 4.1. I'm running it on macOS 10.13.5. Add me to the list of those experiencing this issue.

Little Snitch reports the Cisco AnyConnect application as having an invalid code signature while macOS reports that the code signature is valid. Specifically, Little Snitch complains that the certificate is untrusted. Is Little Snitch using a different list of CAs than the OS uses?

Regardless, I hope this gets fixed soon. VPN via AnyConnect is a hard business requirement for me so I'll have to disable Little Snitch until this gets resolved.

bluloo
Posts: 4
Joined: Thu Oct 05, 2017 12:02 am

Re: codesignature problem

Postby bluloo » Wed Jun 13, 2018 5:10 pm

Just updated to 4.1 Seeing a code signature warning for Netsession (Akamai). Also produces a Little Snitch Agent crash at the same time as well.

Based on other similar reports here, it does seem like a bug

joemamasmac
Posts: 1
Joined: Wed Jun 13, 2018 5:30 pm

Re: codesignature problem

Postby joemamasmac » Wed Jun 13, 2018 5:31 pm

I am in the same boat. Citrix Receiver is having the same issue, and I keep getting the notification over and over to ignore code signatures. Even when trying to ignore it, it pops up over and over.

RockGrumbler
Posts: 1
Joined: Wed Jun 13, 2018 6:59 pm

Re: codesignature problem

Postby RockGrumbler » Wed Jun 13, 2018 7:04 pm

I have experienced this bug as well. In the initial warning I choose to ignore and nothing happens. I found a work around by using the link at the top of the dialogue window that exposes the rule. This brings up the rule in the configuration app. Then I chose to edit the rule, change nothing, and hit OK. After this I am prompted with a question to ignore code signatures. When I agree at this point, it seems to take effect and the problem is resolved, or at least the code signature is ignored. I'm on OS X 10.13 and using a Cisco VPN client.

flynnoeh
Posts: 3
Joined: Wed Jun 13, 2018 7:57 pm

Re: codesignature problem

Postby flynnoeh » Wed Jun 13, 2018 8:00 pm

Add me to the list. Same issues with Cisco AnyConnect (4.5.03040) and Citrix Receiver (12.9.0) on two MBPs, macOS 10.13.5, Little Snitch 4.1.

nochum
Posts: 1
Joined: Wed Jun 13, 2018 8:57 pm

Re: codesignature problem

Postby nochum » Wed Jun 13, 2018 8:59 pm

Please add me to the list of users experiencing the issue. I had to disable the network filter since I do all of my work over the Cisco AnyConnect VPN.

littleratlover
Posts: 4
Joined: Mon Apr 25, 2016 8:35 pm

Re: codesignature problem

Postby littleratlover » Thu Jun 14, 2018 5:04 am

I am seeing code signature alerts for an app (a file synchronization app) that had no problems previous to version 4.1. The alert dialog does seem dysfunctional (it is also huge and can't be dismissed easily). I poked around a bit with various rules and managed to allow the app to run but I did not document (nor do I remember) what I did. This was for local network connections. I am also seeing concurrent LS Agent crash reports. This is on 10.11.6.

flynnoeh
Posts: 3
Joined: Wed Jun 13, 2018 7:57 pm

Re: codesignature problem

Postby flynnoeh » Thu Jun 14, 2018 5:29 am

flynnoeh wrote:Add me to the list. Same issues with Cisco AnyConnect (4.5.03040) and Citrix Receiver (12.9.0) on two MBPs, macOS 10.13.5, Little Snitch 4.1.


Just to note that I tried the June 11 2018 4.1 nightly (5165) to no avail.

esseti
Posts: 6
Joined: Thu Apr 26, 2018 12:29 pm

Re: codesignature problem

Postby esseti » Thu Jun 14, 2018 8:35 am

RockGrumbler wrote:I have experienced this bug as well. In the initial warning I choose to ignore and nothing happens. I found a work around by using the link at the top of the dialogue window that exposes the rule. This brings up the rule in the configuration app. Then I chose to edit the rule, change nothing, and hit OK. After this I am prompted with a question to ignore code signatures. When I agree at this point, it seems to take effect and the problem is resolved, or at least the code signature is ignored. I'm on OS X 10.13 and using a Cisco VPN client.


this workaround actually works.

- edit the rules and do nothing
- edit the rules and uncheck " code signature checking"
- disable the bloking rule

at least now something works, let's see how long it last

user425890uhh
Posts: 3
Joined: Thu Sep 07, 2017 5:01 pm

Re: codesignature problem

Postby user425890uhh » Thu Jun 14, 2018 2:08 pm

esseti wrote:
RockGrumbler wrote:I have experienced this bug as well. In the initial warning I choose to ignore and nothing happens. I found a work around by using the link at the top of the dialogue window that exposes the rule. This brings up the rule in the configuration app. Then I chose to edit the rule, change nothing, and hit OK. After this I am prompted with a question to ignore code signatures. When I agree at this point, it seems to take effect and the problem is resolved, or at least the code signature is ignored. I'm on OS X 10.13 and using a Cisco VPN client.


this workaround actually works.

- edit the rules and do nothing
- edit the rules and uncheck " code signature checking"
- disable the bloking rule

at least now something works, let's see how long it last


The check box and text to disable code signature checking for my AnyConnect rules is grayed out. I'm unable to disable code signature checking for those rules. :(


Return to “Little Snitch General”

Who is online

Users browsing this forum: Google [Bot] and 4 guests