How do we prevent users from stopping Netskope services in macOS Big Sur?

  • 27 August 2021
  • 6 replies




About 90% of our users are on macOS Big Sur with full admin privileges on their laptops. With older clients (v81 or below), users can simply go to Network Preferences and click Disconnect to stop Netskope from intercepting 80/443 traffic. I have tested on client v87 and this issue has been fixed. But we noticed that users are finding more creative ways to disable Netskope by doing the following in Terminal:

(1) sudo chmod -x /Applications/Netskope
(2) Activity Monitor --> Search for Netskope Client --> Force Quit

How do we prevent such actions?



Best answer by kkasavchenko 2 September 2021, 12:37


6 replies


I can also share that once you run the command above, restarting your laptop will not automatically restart the Netskope services.


Hi @dphung, with full admin privileges there are many ways the client could be disabled. I have seen developers create a route to null on their PC just for the Netskope gateway address!!


I’m afraid I don’t have an answer except changing the user access levels or even employing some kind of conditional access policy that requires the Netskope client to be active?


Thanks @sfoster. Do you know of any script that we can run in Jamf or another environment that can check if the client is connecting to the Netskope gateway?


Hi @dphung, a possible solution might be to pull the clients' status using the api/v1/clients API call. More information about this API endpoint and the Netskope API in general can be found at The branch of the JSON response that you are interested in is called last_event


One more solution that does not require the API. You can check the tunnelStatus in the /Library/Application Support/Netskope/STAgent/nsuser.conf file. When the tunnel is connected, the tunnelStatus should be "16".


Thanks @kkasavchenko. I will see if we can create a Jamf script to check this.
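
One way to script the tunnelStatus check suggested above as a Jamf extension attribute; this is an added example, not code from the thread, Netskope or Jamf. The file path and the connected value "16" come from the thread; the key/value layout of nsuser.conf is an assumption, so the parser accepts both JSON-style and key=value lines, and the state names are made up for this example.

```shell
#!/bin/sh
# Added example: report the Netskope tunnel state to Jamf inventory.
# Path and "16" = connected are taken from the thread above.
# ASSUMPTION: nsuser.conf stores the value as "tunnelStatus": "16",
# "tunnelStatus": 16 or tunnelStatus=16 (exact layout not given on the page).
NS_CONF="${NS_CONF:-/Library/Application Support/Netskope/STAgent/nsuser.conf}"
CONNECTED_VALUE="16"

# Print the first numeric tunnelStatus value found in file $1 (nothing if absent).
read_tunnel_status() {
    [ -r "$1" ] || return 1
    sed -n 's/.*"\{0,1\}tunnelStatus"\{0,1\}[[:space:]]*[=:][[:space:]]*"\{0,1\}\([0-9][0-9]*\).*/\1/p' "$1" \
        | head -n 1
}

# Map the config file $1 to one state string (hypothetical names):
#   Missing      - file absent (client removed or path changed)
#   Unknown      - file present but unreadable or has no tunnelStatus key
#   Connected    - tunnelStatus equals the connected value
#   Disconnected - any other value, reported verbatim for triage
tunnel_state() {
    conf="$1"
    if [ ! -e "$conf" ]; then
        echo "Missing"
        return 0
    fi
    status=$(read_tunnel_status "$conf") || status=""
    if [ -z "$status" ]; then
        echo "Unknown"
    elif [ "$status" = "$CONNECTED_VALUE" ]; then
        echo "Connected"
    else
        echo "Disconnected (tunnelStatus=$status)"
    fi
}

# Jamf extension attributes read the value between <result> tags on stdout.
echo "<result>$(tunnel_state "$NS_CONF")</result>"
```

A smart group on any value other than Connected gives a list of machines to follow up on; since the users in question have admin rights and could edit the file, treat the result as a signal to correlate with the server-side client status rather than as proof.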