Don’t automatically allow signed Apps to pass the firewall

Per default, the Apple firewall allows for signed Apps incoming network traffic without notification. Turn this off and you learn, which traffic is related to your Apps. Even better: use a third party firewall which also controls outgoing traffic. See A firewall should be activated

This check is visible only, when Apple firewall is activated.

How to fix it

macOS 10.11 – 11.0

  1. Go to “System Preferences” > “Security & Privacy” > “Firewall”
  2. “Click on lock to make changes”
  3. Click on “Firewall options”
  4. Deselect “Automatically allow built-in software to receive incoming connections”
  5. Deselect “Automatically allow downloaded signed software to receive incoming connections”
  6. By the way: enable “Enable stealth mode”

PLEASE READ THE FOLLOWING TIP AND DISCLAIMER!

Keep in mind: not every security and privacy setting is suitable for everyone. Enhancing the security can lead in losing functionality and/or comfort.
Before making changes, please backup your Mac! Do not make too many change at once. After changing your Mac, check if your normal usage of your Mac has changed in a way which fits to you. Are your really willing to loose some functionality and/or comfort?
Most important is, that you learn and understand what are the advantages and disadvantages of the security settings and that you are aware about the capabilities and risks of your Mac configuration.

To skip this result message from your next security scan, you can deactivate this check. FAQ: How to deactivate a check.

CHECK RESULTS BY SIMPLEUMCHECK DO NOT COVER ALL ASPECTS OF POSSIBLE SECURITY CHECKS OR MAYBE INCORRECT OR INCOMPLETE. THE RESULTS ARE ONLY CLUES FOR RECOMMENDATIONS TO IMPROVE SECURITY AND PRIVACY ON THE MAC.

The use of SimpleumCheck, the checks and FAQ articles are provided under the SimpleumCheck End User License Agreement (EULA).