Eventually you figure it out after enough tinkering. I use it mainly to monitor certain apps and to block undesirable connections.

You can always just experiment with denying stuff if you're not sure, and then check if it's breaking anything or not. I am using the tool myself and I do have quite a bit of knowledge about the directory structure and its processes, but I am realistic enough that I don’t trust myself to spot any suspicious requests when they pop up. It is a tool for dedicated and advanced users.
Honestly, unless you know the system’s directory structure and pay close attention to where you install software, chances are awfully low that you would become suspicious. The number of connection requests you will receive will quickly lead to fatigue and sloppiness. You will find that even many Apple processes will connect to seemingly random hostnames (e.g. The URL or IP address can be suspicious too, as well as the port. However, it is also common for malware to conceal itself by using Apple's nomenclature, so mistakes are easily made.
Malware likes to install itself into hidden locations, which you would be able to spot in this way. The most obvious signs are that the connection comes from a process that is not installed in a system location and that you don’t recognise as software you installed yourself.