Sep 08, 2017 Little Snitch comes configured to allow common activities. For example, Safari requests data from port 80 (non-secure Web connections) and port 443 (https connections) to pass through without notice. Many OS X system daemons, autonomous bits of. Aug 12, 2016 Safari Extensions, Internet plug-ins, and other add-ons are designed to enhance or customize the browsing experience.Add-ons are widely available on the Internet, and some are installed as part of an app or other software. If you have add-ons installed, an add-on could be causing the issue. What is parsecd? Ask Question. Assistent it is used for Suggestions in Spotlight, Messages, Lookup and Safari and usually connects to api.smoot.apple.com. Little Snitch 3. Little Snitch 4 (CalendarAgent used for an. But her location service is still checked and grayed out - no way to disable it! Guess I’ll just have to block connections.
- Com Apple Safari Safebrowsing Service Little Snitch Online
- Com Apple Safari Safe Browsing Service Little Snitch Lyrics
- Com Apple Safari Safebrowsing Service Little Snitch 2
This is a tiny investigation of suspisious Mac OS Sierra connections reported by Little Snitch (commonly abbreviated as LS
in current context), each section consists of quotes from the discussions in corresponding links. My own comments are marked with italic.
This document covers only recent network activity, for the detailed Mac OS security guide refer https://github.com/drduh/macOS-Security-and-Privacy-Guide
This gist with shell script for just disabling everything is related, though I'd recommend to be very careful with it: https://gist.github.com/pwnsdx/d87b034c4c0210b988040ad2f85a68d3
Few things to know:
To get the list of agents you can run: ls /System/Library/LaunchAgents/
Utility to operate them is called launchctl
. To get info about certain service: launchctl list com.apple.whatever
Latest Mac OS versions include the System Integrity Protection (SIP) feature, that is controlled by csrutil
util.
By default it restricts unloading system agents, so most launchctl unload
commands in old (pre-Maverics) privacy guides will just fail with the following error: Operation not permitted while System Integrity Protection is engaged
Stopping certain deamon in current session is not restricted though:
sudo launchctl stop com.apple.whatever
You can disable SIP on your own risk, details here: https://developer.apple.com/library/content/documentation/Security/Conceptual/System_Integrity_Protection_Guide/ConfiguringSystemIntegrityProtection/ConfiguringSystemIntegrityProtection.html
akd/gsa
akd
is part of the AuthKit (authentication/authorisation) framework. Also used in the process of authenticating of iCloud and other accounts using Apple ID.
It is used to authenticate the App Store. App Store login fails if you block it.
Looks like it's the one you'll really need to keep in order to get updates automatically.
apsd
That is the daemon which arbitrates push notifications and other cloud services.
Note: aspd
rule is protected by Little Snitch (they consider it important enough for correct system functionality).
captiveagent
A captive portal is a network that forces an HTTP client to see a special web page (usually for authentication purposes) before using the Internet normally. A captive portal turns a Web browser into an authentication device. These are commonly used on wifi networks where authentication to the private network is done via a login browser page, rather than via the use of a WEP or WPA2 key, for example in some coffee shops and airports.
On Apple devices, if a captive portal is identified, a special application in /System/Library/CoreServices
called Captive Network Assistant.app
is opened. This is a very limited browser, separate to Safari, with no address bar or navigation buttons.
Pretty nice example of how things are messed up nowadays. I disabled it on a wi-fi connected computer and it seemes to be fine, but looks that's the thing to be accurate with, since wrong settings may cause problems with connecting to your own wi-fi networks.
ckkeyrolld
Looks like for now nobody is sure what it is:
ckkeyrolld
is the system daemon that rolls and verifies encryption metadata.
No clue about what these metadata really are and why they need to be shared with Apple.
ckkeyrolld.plist
is related to iCloud encryption I believe.
Soundes like a creepy crap to be disabled. At least if you are not using iCloud (I do not).
com.apple.Safari.SafeBrowsing.Service
This database, provided by Google, is used by mobile Safari to check for known malicious web sites.
Google is constantly updating this database, so your iDevice refreshes on every sync.
Suspicious is that OSX sometimes calls the service while Safari is off. But overall this is a useful one.
gamed
Obviously this framework is something to do with Apple's Game Centre, which I've only previously come across on iOS. What is it now doing on OSX, given that there seems to be no GUI 'front-end' for it? And how the **** do I disable it?
Definitely to be blocked or turned off.
possible way to disable:
In system settings, you have the panel with the notification center. I removed the game center from there. Hope it helps!
geod.xpc
It looks like this service is entirely related to Location Services. Blocking it with Little Snitch (as I have done) and/or disabling it with the launchctl command, will render Location Services inoperable. About the only down side I see to that (for my own usage scenario) is loss of the Find My Mac functionality. Otherwise, I've got no particular reason for apps and system services to be utilising my location. People who travel (across timezones) may find that automatic updating of their timezone and clock will fail.
Locationd
is a daemon that provides location services for OS X's 'Core Location'. This uses skyhook technology to figure out your mac's location (using WiFi). It's the same system used by the iPod Touch, and is also used by the iPhone (The iPhone also uses cell tower triangulation and GPS).
Even if you were to process all the geo location aspects on developer.apple.com - it's widely used - far greater than just the Core Location API - https://developer.apple.com/documentation/corelocation.
- Weather
- Calendar
- Address Book
- Maps
- Siri
- iCloud (finding the best data center to route uploads)
- Store (which geographic region should your content be)
- Time Zone and Night Shift
- Safari location
possible way to disable:
Location Services can be turned off in System Settings (and is actually recommended for the desktops, since you'll hardly ever need them). In my case that didn's stop geod.xpc activity though.
helpd
helpd
is the daemon that's running on your mac that gives you access to the help files when you open a program.
I turn this thing off since it tries to reach remote servers when I do not ask for any kind of help.
Com Apple Safari Safebrowsing Service Little Snitch Online
imagent
imagent
is part of Apple's Messages app (formerly iChat). (LS info)
IMAgent
is a process that listens for FaceTime invitations. It will be active even if FaceTime isn't running. You don't have to block it, but if you don't use FaceTime you can open the application, open preferences, and turn off FaceTime. That should quit the IMAgent process.
imagent
memory leak in Mountain Lion: https://discussions.apple.com/thread/4209012?tstart=0
Tries to reach init-p01md.apple.com
with no reason, when iChat/FaceTime/etc are off.
ksfetch
Not an Apple service, but you'll probably encounter it. Useful one. Frequency of update checks is adjustable, see the link below.
The ksfetch
process on OS X is part of Google Chrome's update mechanism. The ks prefix is an abbreviation of Keystone. The process appears to be responsible for fetching updates to Google's products.
mappushd
Location Services allows applications and websites to gather and use information based on the current location of your computer.
Com Apple Safari Safe Browsing Service Little Snitch Lyrics
Your approximate location is determined using information from local Wi-Fi networks, and is collected by Location Services in a manner that doesn’t personally identify you.
The part of Location services. Related to weather, timezones and so on. Can be disabled on desktops. The only real use of them is Find My Mac functionality on macbooks.
nbagent
Noticeboard agent is a macOS system process. As part of Apple’s software update mechanism it is connecting to Apple’s servers. (LS version)
nbagent
is used for website notifications that show up in notification center
Still not sure what it is. What is noticeboard? Why does it need a special agent to connect apple servers? Just disabled it.
parsecd
parsecd
itself is an unknown network service (possibly related to security) which is run every 10 minutes approximately.
Com Apple Safari Safebrowsing Service Little Snitch 2
Is this the service that sends all of my pasteboard content to Apple?
parsecd
is a macOS system process that is used for suggestions in Spotlight, Messages, Lookup and Safari (Little Snitch info)
But what the heck does parsecd
actually do?
It is location-based suggestions for Siri
I now see a Siri entry that’s checked but greyed out. I suspected that was because she was disabled so I reenabled her. But her location service is still checked and grayed out - no way to disable it!
Guess I’ll just have to block connections with LS to silence the cunning little witch.
touristd
It can display different Apple tours depending on OS and device. You can try to run /System/Library/PrivateFrameworks/Tourist.framework/Versions/A/Resources/touristd --help
to get some hint.
Details:
Safari User Guide
You can change options in Safari preferences so that Safari always accepts or always blocks cookies and website data.
In the Safari app on your Mac, choose Safari > Preferences, click Privacy, then do any of the following:
Prevent trackers from using cookies and website data to track you: Select “Prevent cross-site tracking.”
Cookies and website data are deleted unless you visit and interact with the trackers’ websites.
Always block cookies: Select “Block all cookies.”
Websites, third parties, and advertisers can’t store cookies and other data on your Mac. This may prevent some websites from working properly.
Always allow cookies: Deselect “Block all cookies.”
Websites, third parties, and advertisers can store cookies and other data on your Mac.
Remove stored cookies and data: Click Manage Website Data, select one or more websites, then click Remove or Remove All.
Removing the data may reduce tracking, but may also log you out of websites or change website behavior.
See which websites store cookies or data: Click Manage Website Data.
Note: Changing your cookie preferences or removing cookies and website data in Safari may change or remove them in other apps.