When I boot from my backup, Little Snitch reports that its rules have been replaced by a different version. Why, and how can I avoid this?

Printer-Friendly Version
Product: 
ccc4

According to ObDev developers, it is crucial for Little Snitch to avoid unnoticed ruleset changes. Little Snitch therefore has numerous mechanisms to detect whether it is using the exact same ruleset file, as in, on the same volume and at the same physical address on that disk. This sort of mechanism makes it impossible for Little Snitch to use the ruleset on the booted backup volume without physical intervention from a user at the system (thus the dialog asking if it's OK to use the current version of rules or to use a default ruleset).

In cases where you have physical access to your computer while booting from the backup, the solution is straightforward — simply click the button to use the current rule set and everything behaves as normal.

In cases where you do not have physical access to the system, e.g. you have a server in a colocation facility, there is a logistical challenge. While Little Snitch is reporting that the ruleset doesn't match, it's also preventing network connectivity to and from the server. If you rely on VNC screen sharing to access the system, you will be unable to access the system to accept the current version of the Little Snitch ruleset.

According to ObDev developers, you can avoid this logistical lockout by removing the following two items from your backup volume before rebooting from it:

/Library/Extensions/LittleSnitch.kext
/Library/Little Snitch

Little Snitch Files

Once rebooted, reinstall Little Snitch to regain the application firewall and all is well.

While that method works fine for cases in which you plan to reboot from the backup volume, you're potentially in a lurch if you have an unplanned incident, e.g. the server's hard drive fails. To avoid encountering this problem altogether, you can exclude those files from your backup task:

Excluding Little Snitch Files from a CCC backup task

CCC does not delete files from the destination that are excluded from the backup task, so be sure to remove those items from your destination if you have already established your backup.