Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

hgfjhbvytjdnb

macrumors member
Original poster
Dec 8, 2022
39
32
Hello
I'm looking for some help trying to understand the firewall behaviour in Sequoia.
Did Apple deploy a sort of automated "logic" which adds system processes and sets them to "allow incoming connections" as it pleases? Previous macOS (OSX) versions never did anything like it, so am thinking that someone is messing with my machine... or is this now the new Apple "norm" and what exactly is it meant to do that it didn't need to do in the past?
I'd appreciate your insights there.
 
Lifetime PC user, just now starting to switch to Mac with my new M4 Mac Mini Pro.
Genuine curiosity question from me, as I'd like to learn how to monitor this.

How do you know this is happening?
I would like to check my configuration.

Thanks!

Hopefully someone will educate us.
 
At the bottom of the "options" of Firewall page you have few options. Default is to Automatically add built in processes and signed applications to receive incoming connections. If you switched this off, it may be bug and you shoudl report to Apple. But by default list of allowed applications will grow...
It is probably a good idea to allow signed/system apps to add silently as that is what most people expect. If I install app, I assume it will work. There are arguments against, but most people prefer convenience against security.
 
I have Little Snitch on one Mac but I'm trying out LuLu on my MBA and it seems to be working well without screwing anything up. The macOS firewall is OFF on both machines.
 
Default is to Automatically add built in processes and signed applications to receive incoming connections. If you switched this off, it may be bug and you shoudl report to Apple. But by default list of allowed applications will grow...
If I understand you correctly, starting from macOS15 Apple started exposing processes covered by the "Automatically allow (...)" option - if enabled. Whereas in the past those were allowed to access but silently.
If true, this would make sense. Shame it's not clearly explained anywhere.

Just an update, I disable both options, removed all entries, confirmed changes, and the Universal Control entry reappeared straight after with "Allow incoming connections". Then after a while another entry appeared - rapportd with "Block incoming connections"... So yea, it's doing something but who knows what :D
 
Last edited:
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.