Product Announcements & Troubleshooting Common topics

Browsing Protection extension in Chrome causes all sites to be blocked on first search
Browsing Protection extension in Chrome causes all sites to be blocked on first search
Browsing Protection extension in Chrome causes all sites to be blocked on first search
Browsing Protection extension in Chrome causes all sites to be blocked on first search
Browsing Protection extension in Chrome causes all sites to be blocked on first search
Browsing Protection extension in Chrome causes all sites to be blocked on first search
Browsing Protection extension in Chrome causes all sites to be blocked on first search
Browsing Protection extension in Chrome causes all sites to be blocked on first search
Browsing Protection extension in Chrome causes all sites to be blocked on first search
Browsing Protection extension in Chrome causes all sites to be blocked on first search

Some system processes bypass the F-Secure application layer firewall on macOS 11 "Big Sur"

Note: Apple has fixed this issue from macOS 11.2 onwards. This is still a relevant issue in macOS 11.0, however, as described in this article.

With the macOS 11.0 "Big Sur" release, F-Secure changed to using a new type of Apple network extension API for its firewall implementation. This change has been a mandatory requirement from Apple, which moved away from using a kernel based approach on macOS Catalina 10.15.5.

We have since found out that certain system processes bypass the F-Secure application layer firewall as a direct result of using this new network extension API. This issue is an Apple issue and not only affects F-Secure products, but also other firewall products, as well as VPNs.

This issue affects the following F-Secure corporate products:

Computer Protection and RDR for Mac starting with build 35217 running on macOS 11 Big Sur, and macOS Catalina 10.15.5 or later
Client Security 15.00 for Mac running macOS 11.0 Big Sur, and macOS Catalina 10.15.5 or later

We have addressed our concerns about this issue with Apple, as have other vendors, and will continue to do so. What we do next and how we tackle this issue in F-Secure products depends on how Apple intends to respond to the issue in future macOS releases.

As far as we are aware, the following system processes on macOS are being bypassed:

/System/Applications/App Store.app/Contents/MacOS/App Store

/System/Library/CoreServices/cloudpaird

/System/Library/CoreServices/mapspushd

/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated

/System/Library/Frameworks/Accounts.framework/Versions/A/Support/accountsd

/System/Library/Frameworks/CoreTelephony.framework/Support/CommCenter

/System/Library/PrivateFrameworks/ApplePushService.framework/apsd

/System/Library/PrivateFrameworks/AppStoreDaemon.framework/Support/appstoreagent

/System/Library/PrivateFrameworks/AppStoreDaemon.framework/Support/appstored

/System/Library/PrivateFrameworks/AssetCacheServices.framework/Versions/A/XPCServices/AssetCacheLocatorService.xpc/Contents/MacOS/AssetCacheLocatorService

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd

/System/Library/PrivateFrameworks/CloudKitDaemon.framework/Support/cloudd

/System/Library/PrivateFrameworks/CommerceKit.framework/Resources/commerced

/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/commerce

/System/Library/PrivateFrameworks/CoreLSKD.framework/Versions/A/lskdd

/System/Library/PrivateFrameworks/CoreParsec.framework/parsecd

/System/Library/PrivateFrameworks/CoreSpeech.framework/corespeechd

/System/Library/PrivateFrameworks/DistributedEvaluation.framework/Versions/A/XPCServices/com.apple.siri-distributed-evaluation.xpc/Contents/MacOS/com.apple.siri-distributed-evaluation

/System/Library/PrivateFrameworks/FamilyCircle.framework/Versions/A/Resources/familycircled

/System/Library/PrivateFrameworks/FamilyNotification.framework/FamilyNotification

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

/System/Library/PrivateFrameworks/HomeKitDaemon.framework/Support/homed

/System/Library/PrivateFrameworks/IDS.framework/identityservicesd.app/Contents/MacOS/identityservicesd

/System/Library/PrivateFrameworks/IDSFoundation.framework/IDSRemoteURLConnectionAgent.app/Contents/MacOS/IDSRemoteURLConnectionAgent

/System/Library/PrivateFrameworks/IMCore.framework/imagent.app/Contents/MacOS/imagent

/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent

/System/Library/PrivateFrameworks/IMTransferServices.framework/IMTransferAgent.app/Contents/MacOS/IMTransferAgent

/System/Library/PrivateFrameworks/MapsSuggestions.framework/MapsSuggestions

/System/Library/PrivateFrameworks/MapsSupport.framework/MapsSupport

/System/Library/PrivateFrameworks/MediaStream.framework/MediaStream

/System/Library/PrivateFrameworks/MusicLibrary.framework/MusicLibrary

/System/Library/PrivateFrameworks/PassKitCore.framework/passd

/System/Library/PrivateFrameworks/ProtectedCloudStorage.framework/Helpers/ProtectedCloudKeySyncing

/System/Library/PrivateFrameworks/SyncedDefaults.framework/Support/syncdefaultsd

/System/Library/TextInput/kbd

/usr/libexec/coreduetd

/usr/libexec/diagnosticd

/usr/libexec/findmydeviced

/usr/libexec/fmfd

/usr/libexec/locationd

/usr/libexec/mdmclient

/usr/libexec/mobileactivationd

/usr/libexec/mobileassetd

/usr/libexec/networkserviceproxy

/usr/libexec/rtcreportingd

/usr/libexec/secd

/usr/libexec/siriknowledged

/usr/libexec/swcd

/usr/libexec/tailspind

/usr/libexec/teslad

/usr/libexec/timed

/usr/libexec/trustd

/usr/sbin/securityd

com.apple.facetime