The Background

One day I woke up and decided it was time to turn my LittleSnitch onto the built-in Apple services. If a service isn’t required for the proper functioning of the system, then at best it’s a waste of bandwidth. At worst—well, that’s anyone’s guess.

But I didn’t just want to block everything. I still wanted updates, the ability to verify signatures, and to keep my clock synced. Blocking anything related to the Apple ecosystem, though, felt like fair game to me.

So I sat down and started browsing, looking to see if anyone had already done the research on what various macOS services do and compiled a blocklist. Alas, the only worthwhile thing I found was this article on IntelTechniques from 2021. The author went nuclear, blocking almost everything—that would definitely break things I wanted to keep working.

That left me in a tough spot. Either I’d have to experiment heavily to figure out which services were safe to block, which would take a long, long time. Or I’d need to scour the internet for scraps of information on dozens of services, which wouldn’t be swift either.

Then it hit me: AI. AI could do the research for me and estimate the consequences of blocking each service. Even though the list wouldn’t be perfect, it would let me cull the majority of useless services while giving me a solid starting point to test the rest.

The Crawler

I extracted the paths and descriptions (where available) of the built-in services LittleSnitch recognized and made a nicely formatted file out of that. I decided to use TOML, since it’s a structured, well-known format. I figured the AI would be more attentive to it, potentially have built-in tools to work with it, and be less likely to drop entries. TOML was also the most readable option I could think of, so I went with it.

Then I gave that file to GPT-5, crafted a precise proompt describing what I wanted, and sent it crawling away in deep search mode. About 40 minutes later, it came back with the completed list. I had told it to fill in missing service descriptions, figure out any potential consequences of blocking internet access, and give a certainty score for each conclusion.

You can find this file here.

Time To Block

After reading the analysis and experimenting, I settled on the following whitelist.

Service	Why
mDNSResponder	Blocking it may lead to DNS resolution issues.
syspolicyd	Blocking it could disrupt Gatekeeper’s ability to verify apps, potentially preventing some applications or plugins from launching.
swtransparencyd	Blocking it disrupts Gatekeeper/notarization checks; launching apps may be slow or fail if their security cannot be verified online.
idleassetsd	Contains some buggy code; blocking it may trigger an infinite retry loop that burns CPU.
networkserviceproxy	A proxy used by other Apple services. Blocking it could cause cascading problems that are hard to diagnose. I didn’t really want to deal with that, so I left it allowed.
mobileassetd	Responsible for downloading fonts, dictionaries, and other system assets.
softwareupdated	Part of the system update mechanism. I want to continue getting updates.
nbagent	Also part of the system update mechanism.
NRDUpdated	Also part of the system update mechanism.
UpdateBrainService	Also part of the system update mechanism.
nsurlsessiond	Any application can delegate data transfers to this daemon. Since I’m not sure which apps rely on it, I left it in the allow list.
geod	The map inside LittleSnitch stopped working when I blocked this service, so I allow it now.
trustd	Responsible for certificate checks—pretty important security stuff.
timed	Keeps the clock synced.

All in all, I blocked 43 out of 57 built-in services (~76%). My system continues to function well, and I recently received the macOS Sequoia 15.6.1 update without issues.

Conclusion

Once again, you can find the analysis here.

If you’re interested in blocking some of the built-in services but have different needs—maybe you’re more extreme about privacy, or inversely need parts of the Apple ecosystem to work—you can use the report as a starting point to build an allow list that fits your needs.