Apple has removed this whitelist completely, allowing third-party firewalls like Little Snitch to reliably monitor and filter any network traffic. Up until macOS 11.1 the whitelist inlcudes the following macOS processes.
- UPDATE 2: The traffic of some Apple processes isn’t shown in Little Snitch 5. UPDATE 3: Enabling Little Snitch 4.6 kext under Big Sur. UPDATE 4: Tweet by Apple developer Russ Bishop: 'Some system processes bypassing NetworkExtensions in macOS is a bug, in case you were wondering.' And some replies.
- Aug 21, 2016 com.apple.geod.xpc. Apple programs directly parts of the system software and why are they connecting to the internet without my request? I do not use any 'games' why trying to erase this application I'm told this would jeopardize the general funtionality of my computer?
- EtreCheck 4.01.% (App Store) com.apple.WebKit.WebContent (14) 1.37.% (Apple) Little Snitch Agent 0.47.% (Objective Development Software GmbH) Google Chrome 0.32.% (Google, Inc.) Top Processes Snapshot by Memory: Process (count) RAM usage (Source - Location) EtreCheck 706.MB (App Store) Google Chrome 304.MB (Google, Inc.) Google Chrome Helper.
tinyapps.org / blog
Patrick Wardle highlighted a tweet by Maxwell ('Some Apple apps bypass some network extensions and VPN Apps. Maps for example can directly access the internet bypassing any NEFilterDataProvider or NEAppProxyProviders you have running'), sparking an extensive HN discussion on Apple's ham-fisted tactics (not unlike Google's recent behavior).
A search for 'NEFilterDataProvider' turned up David Dudok de Wit's post fingering the ContentFilterExclusionList key in /System/Library/Frameworks/NetworkExtension.framework/Versions/A/Resources/Info.plist as the culprit. The default list includes 56 Apple apps and daemons like App Store, MusicLibrary, softwareupdated, etc.: