When I try to save custom settings on Firewall to block the connection to some apps, settings are not saved, or saved for some minutes, and then automatically all permissions are enabled.
This is a very important security problem, how did you solve? Tks
MacBook Pro 16″, macOS 13.0
Same issue here. The only way I could fix it was to use the socketfilterfw executable directly, with sudo privileges, on the command line. You can check out the help information for the executable by running:
sudo /usr/libexec/ApplicationFirewall/socketfilterfw -h
which explains what options are available and their general use.
For a specific example, I was able to then use the --remove <path> option which would be the same as using the "-" button to remove something from the list of individual applications that have individual rules set on them:
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --remove /Applications/Firefox.app
I already read this in the online help, but this repetition doesn't solve the problem that probably is a bug.
if I set a custom permission to an app, as said in 4 and 5 points, the settings is not saved. If I deny a permission to an app (red), reopening the settings after a few minutes, the permission becomes green.
But one thing is malware/viruses, another thing is junk from previous installations, settings on library of removed apps, temporary files never removed and so on.
When you remove an app dragging it on the bin, the library (both main and user library) remains full of old settings and I can assure you that there is a lot of waste left behind.
Same for autorun apps (e.g. Adobe cloud, many autoupdates demons) that take up a lot of memory and there is no way to remove them other than manually, as the operating system never bothers with these cleanings.
I can confirm that this macOS bug is still present in Ventura 13.2. I'm currently stuck with all incoming connections blocked and no way of turning it off. As with OP, I can make the change but within a few minutes, the settings revert to an older previously saved setting.
I only looked at this issue because every user account on my Mac used to get a pop-up dialog asking whether to allow "mediasharingd" to accept incoming connections. The pop-up would disappear in less than a second. Of course, I don't have any media sharing services turned on.
I have same issue with a brand new Mac Studio before installing one app. This is 100% an Apple IOS bug/glitch.
It’s pretty pathetic this is still an issue. I’m guessing way less staff, way less of a priority, no one cares, etc.
I believe (without minimal evidence) that the more people who report a bug to Apple the more likely it is to be fixed. So, use the feedback mechanism you are most comfortable with. I like the "Feedback Assistant".
I called apple support but they didn't help for this problem. They advised re-install macOS to me :))
I re-installed macOS to make they feel good. there was previous version of macOS on Recovery steps. after installation finish, I checked this problem and I saw there was no problem. Then I upgraded macOS to ventura on system settings>update menu, after upgrading this problem started again. I tried primitive ways to prevent this primitive issue.
Finally I realized Garry's way and came to here for answer but he wrote already. cool
anyone who cannot do a magic trick with terminal (socketfilterfw) like me?
mac mini 2018 with Ventura 13.2.1 updated has the same problem
I'm trying `socketfilterfw --unblockapp`(same for blockapp), neither of w/ sudo nor w/o sudo toggle block.
With sudo it shows `The file path you specified does not exist` error, no changes on `--listapps`.
Without sudo, it seems working like `Incoming connection to the application is permitted` but no changes on `--listapps`.
No chance of typo for the path because I copied what is on `--listapps` result.
No changes though I tried `sudo /usr/libexec/ApplicationFirewall/Firewall` to kill and revive socketfilter.
Anybody?
I went and tried to shut off accept incoming connections from to an app and sadly I could not save it either.
There are 3rd party apps that help block what Apple has allowed over a users consent, I say this because a company called Acustica Audio said to of discovered pirated software on a customer's computer while monitoring their screen with out their knowledge., this company later realised the customer had purchased a used computer and the data they discovered could not be erased from the machine history even after erasing the SSD soldered unto the mother board., a m1 machine running Ventura, till Samona.
The user decided to consult an attorney because they paid for the products and found it shocking that Acustica Audio invaded their privacy and where confident the customer will accept their banning them after spending $650 on their plugins., until the attorney advised the user to demand where the proof of the pirated software is to have the legal right to respond, be it defence or a settlement..the Attorney later reports that the company recorded not only the screen of the customer but had access to the customer's root drive, computer everything but the user agreement for the software indicated this (the right to access the computer using the password provided to install their products, the microphone, the camera etc etc)...so the attorney advised the client to make it public..but acustica justified it by sharing screenshots of the users network firewall settings..settings in this thread no one can change..even if the pop up menu asks the user to allow or not (for example) logic to have incoming connections..the firewall ignores anything the user wants and lets it..
Go to your apple menu on the top left, choose about this Mac/Choose Network, then Firewall..you will see things in there that are NOT at all int he firewalls allow or no list.
Some of these apps where removed..yet this info stays in the About this Mac info..
So how can we stop or allow if the firewall does not let us?
How about Radio Silence or LIttle Snitch. Are you running either of those programs?
Many thanks for the pointer to socketfilterfw.
Can you use Feedback Assistant ? If so, it would be good for another user to lodge a formal bug report (I reported on 24/1/23).
🟢 Finally with update of today, 13,4, it seems to be working! 🟢
I don't use the Firewall as my iMac is at home behind a secure router running WPA2 Personal security. If I had a laptop then I'd use the Firewall whenever I left home and used pubic access points.
Have you installed and run any "cleaning", "optimizing", "speed-up", anti-virus or VPN apps on your Mac?
I'm having this exact same issue. I'll open up Network > Firewall > Options. I'll switch something to Block incoming connections, close out window. Then if I reopen it will have it as Allow incoming connections. This is very frustrating. Is there a bug fix coming soon for this? Wish I never updated...
I’m having many issues with Ventura and there still hasn’t been a patch. Laggy mouse, firewall not working, new settings screen is awful. I just bought a brand new Mac Studio and can’t tell if it’s acting up or Ventura.
When I remove an app from my iMac I use AppCleaner. It works very well but one has to be careful and read the warning below. Like for PowerPhotos 2.0 this is what would be removed:
WARNING: If you use AppCleaner on an app that you have other apps from the same developer, like Adobe, you must be extremely careful checking all checkboxes and deleting. Some for those files may support other apps from the same developer and deleting them can mess them up. Adobe apps is a primary example. I know from experience. For singular apps from a developer it's safe.
It does get rid of a lot of excess junk.
Firewall settings not saving
