Unanswered questions

Hello everyone! We recently started having issues with Netskope where OWA and Outlook (new) will not sync emails without a manual sync. Outlook (classic) works just fine though.I have had Netskope on my device since May hand have had no issues until Dec 10th. Microsoft may have made some changes, but I'm looking for a fix on the Netskope side. This is affecting all of my users. I've tried temporarily adding steering exceptions for outlook domains, but it has not solved the issue. Thank you all for your help!!!

I have installed the Netskope client on both Windows and macOS devices. On some Windows laptops, a few users are experiencing a freezing issue—specifically, their laptops freeze shortly after startup.We have multiple security tools installed on these devices, including Kaspersky Endpoint Security. All Netskope-related applications, pop-IPs, domains, and subdomains have already been allowed in Kaspersky. The following IPs and paths are whitelisted:Allowed IPs/Ports:http://162.10.*:443/ https://162.10.*:443/ http://163.116.*:443/ https://163.116.*:443/ Allowed Application Paths:C:\Program Files (x86)\Netskope\* C:\Program Files (x86)\Netskope\STAgent C:\Program Files (x86)\Netskope\STAgent\nsdiag.exe C:\Program Files (x86)\Netskope\STAgent\nspacparser.exeC:\Program Files (x86)\Netskope\STAgent\stAgentSvc.exeC:\Program Files (x86)\Netskope\STAgent\stAgentUI.exeC:\Program Files (x86)\Netskope\STAgent\tloader.exe C:\Program Files\Netskope\EPDLP\* Allowed Domains: netskope.com *.netskope.c

Does the Netskope client keep the SWG/NPA secure tunnels if the laptop/PC goes in sleep or hibernate mode?  Is there a recommendation? Thanks.

現在、Intuneにてシングルユーザーモードで展開しておりますが、マルチユーザーモードでの配布を考えております。どのように展開すればいいのでしょうか。

Hi Teams, i’m try to find the CMD reference for publisher CLI to change the host name and username of default user on publisher ssh but cannot find in the knowledge KB from netskope. so i wonder is it possible to change the hostname of publisher and change the default username from ubuntu ?is they any issue if we change this parameter on publisher?i’m also need to change the same for cloud exchange server too.

Hi All, Has anyone integrated Crowdstrike NG SIEM with Netskope. In Crowdstrike i can see that their is native integration with Netskope and require API Key.  API V2 Document which is available in Crowdstrike portal is outdated. In Netskope, we need to create role and then generate API key. Not sure which role we should assign in Netskope Tenant before generating API key.and  also correct me if role creation in Tenant Admin and generating API key is wrong method. Thank you in Advance.Govi33

Hello everyone.I recently implemented and installed Netskope SASE.Before Netskope, I was using Tailscale, and I encountered an issue where DNS queries (lookups) didn't work at all when running both the Netskope client and Tailscale on Ubuntu.Some say setting exit-node to false solved the problem for Tailscale, while others say setting an exception for Tailscale's Magic DNS (100.100.100.100) solved the problem for Netskope. Even after applying both settings, the problem persisted.If anyone has solved this issue, please help.

Hello!We have an enterprise license for Lovable AI at the company, but we want to block personal access and allow access only to those with the license. Currently, access to the license is via SSO.Since the application is not supported on Netskope, how can we achieve this license-based access control while blocking personal access?We've tried various methods using regex, HTTP headers, and attempts to block access through Google's provider and Git, but without success. When I click on Google login, for example, I'm redirected to their authentication page.

Greetings All,I’ve had a persistent issue for several months with Netskope on macOS that I wanted to throw out here to see if anyone else had come across something similar. Intermittently devices with the Netskope client installed will lose all connectivity to the internet. In the logs I see usually around 50,000 of these messages in a span of just a few seconds`critical nsDNSProcessor.cpp:149 dnsProcessor Failed to get DNS resolver values`Usually as this happens all active connections are killed, like ongoing zoom calls, even though those aren’t being steered to Netskope.Before this I see the DTLS tunnel close down with this flownpadebuglog.log```[info] npaClientHandler.cpp:748:npaClientHandlerStop():0x0 Will shutdown NPA handler and dispatch thread, tunnelId = 7f8b47.[info] tcpclient.cpp:530:shutdown():0x1086a1160 Shutdown socket fd 45[info] npaClientHandler.cpp:755:operator()():0x0 The client handler is stopping and shutting down, userId = 502.[info] tcpclient.cpp:199:handleClose():

Hi folks,do you know if when setting fallback action to alert, real time policies are still evaluated when a fallback action has been triggered?Use case : you don’t want to block download when file size > 400Mo (max file size analyzed by TP)1.You set fallback action to alert2.You set a RTP allow_all_vip for a VIP group to be allowed to download and surf with no exception3.You set a RTP block_dl_400 for all users to block download with constraints file size >400Mo AND specifics files typesExpected result when download a file under 400Mo, TP is applied, all users can download. when download a file great than 400Mo, fallback action is applied, then RTP is applied regarding the user’s groupIn Real life, when standard user try to download a file >400Mo, block_dl_400 is not applied, log indicate fallback action, so it seems that policies are not evaluated after fallback action.Moreover it seems that Netskope tenant is setting MIME/TYPE as application/octet-stream whatever the origin

WSL will work on windows , This info is not mentioned in netskope site (Windows Linux Subsystem)go to WSL settings change the networking mode to “ VirtioProxy” save it then run your commands , it should work In netskope tenant , you can see the logs refer to your laptop name . 

We are trying to install the netskope clinet via IDP using the below command. But somehow it is not successful. msiexec /I NSClient.msi tenant=XXX domain=goskope.com installmode=IDP mode=peruserconfig enrollauthtoken=XXX enrollencryptiontoken=XXX (/qn - we removed the qn just ot see the live progress what is happening). With Email-Invite it is working on the same PC, but we are trying to install via IDP for bulk installation without users intervention to enter the credentials. We have configred the token at MDM distribution and also created the SAML authentication under Forward Proxy. When we see the logs and didn’t found anything resolvable. "event_details": "Installed client version 132.0.7.2513",        "actor": "System"    }}2025/11/26 11:13:04.911 stAgentSvc p155c tc24 info addonmanapi.cpp:756 addonmanapi posting client status2025/11/26 11:13:04.911 stAgentSvc p155c tc24 error addonmanapi.cpp:759 addonmanapi Post Client Status addon userkey is empty2025/11/26 11:13:04.911 stAgentS

We have periodic reauthentication enabled for users, but on mobile devices, although a pop-up notification appears, users cannot view or be redirected to complete the  Periodical IdP Re-authentication to restore private app access.Is there any guidance available for this configuration?

How do I decrypt/read the TLS traffic in Advance Debug Logs while using Wireshark? 

Hello,I have a DLP policy that blocks the upload of unlabeled documents. The issue I’m facing is that when I try to upload a PPTX file that is labeled with Microsoft Purview Information Protection (MPIP), the upload is blocked by this policy.It’s important to note that not all PPTX files are blocked—only some of them.What I’ve noticed is that, for the blocked files, the “True file type” is detected as “ZIP archive.” In contrast, for files where the label is recognized and the upload is allowed, the “True file type” is shown as “Microsoft PowerPoint 2007 XML.”Has anyone encountered this problem before? Your help would be very much appreciated.Thanks, 

Hello,I am running VirtualBox in NAT mode on my machine with the Netskope Client installed on the host. The VMs inside VirtualBox are failing to connect or update due to SSL/Certificate errors caused by Netskope's inspection.I want to bypass SSL Decryption specifically for the VirtualBox application, but I do not want to bypass traffic for the whole machine or use a broad IP-based exception. Thanks.

What is currently supported to passthrough Phish-Resistant MFA methods like passkeys from unmanaged devices over Reverse proxy, universal reverse proxy and NPA browser access steering methods? We are moving to enforcing phish-resistanct MFA and need to understand what is supported and what has been tested. If this is not currently supported, is this on the roadmap or would this require the use of enterprise browser?  

Does anyone know what the “Export User Key” is used for in Netskope? This feature is located in Setting>Security Cloud Platform>User section?I could not find any documentation on the use case for this feature. I’ve attached the screenshot below.  Is there a place to store the json file once the user key is downloaded?  Thanks.  

Use Case: Create reporting to show users who are and those who are not using paid subscriptions Assume there's three AD groups, each targeting a specific AI tool. For this example, we can say Copilot 365, Claude and ChatGPT.  Please help provide guidance to create resorting/dashboards for this example use case.

EntraIDやjamf　Proでマルチユーザーモードでの展開方法が知りたい

Team,Good morning. Is there a reason I'm getting DNS Leakage? Did I forget something in my configuration  See screenshots below.  All "DNS Traffic" is enabled in the steering configuration. DNS Profile is configured with resolver IP of 162.10.1.1 Real-Time Policy is configured. Thanks.  Expand Post