Hello,

About 90% of our users are on macOS Big Sur with full admin privileges on their laptops. With older clients (v81 or below), users can simply go to Network Preferences and click Disconnect to stop Netskope from intercepting 80/443 traffic. I have tested on client v87 and this issue has been fixed. But we noticed that users are finding more creative ways to disable Netskope by doing the following in Terminal:

(1) sudo chmod -x /Applications/Netskope Client.app/
(2) Activity Monitor --> Search for Netskope Client --> Force Quit

How do we prevent such actions?

Thanks!


I can also share that once you run the command above, restarting your laptop will not automatically restart the Netskope services.


Hi @dphung, with full admin privileges there are many ways the client could be disabled. I have seen developers create a route to null on their PC just for the Netskope gateway address!!


I’m afraid I don’t have an answer except changing the user access levels or even employing some kind of conditional access policy that requires the Netskope client to be active?


Thanks @sfoster. Do you know of any script that we can run in Jamf or another environment that can check if the client is connecting to the Netskope gateway?


Hi @dphung. A possible solution might be to pull client status using the api/v1/clients API call. More information about this API endpoint and the Netskope API in general can be found at https://docs.netskope.com/en/get-client-data.html. The branch of the JSON response that you are interested in is called last_event.


One more solution that does not require the API: you can check the tunnelStatus in the /Library/Application Support/Netskope/STAgent/nsuser.conf file. When the tunnel is connected, the tunnelStatus should be "16".
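
The local-file check described in the post above, written as a Jamf extension-attribute style script. This is an added example, not part of the original posts and not Netskope or Jamf code; the file path and the connected value "16" come from the thread, while the key layout inside nsuser.conf, the function names and the state labels are assumptions.

```shell
#!/bin/sh
# Added example: report the Netskope tunnel state recorded in nsuser.conf.
# Path and the connected value "16" are from the thread; the rest is assumed.
NSUSER_CONF="${NSUSER_CONF:-/Library/Application Support/Netskope/STAgent/nsuser.conf}"
CONNECTED_STATUS="16"

# Print the numeric tunnelStatus found in file $1 (empty output if the key is absent).
# Assumed layouts: "tunnelStatus": "16" (JSON-like) or tunnelStatus=16.
read_tunnel_status() {
    [ -r "$1" ] || return 1
    sed -n 's/.*"\{0,1\}tunnelStatus"\{0,1\}[[:space:]]*[:=][[:space:]]*"\{0,1\}\([0-9][0-9]*\)"\{0,1\}.*/\1/p' "$1" |
        head -n 1
}

# Map the file contents to one label an inventory system can group devices by.
tunnel_state() {
    conf="$1"
    if [ ! -e "$conf" ]; then
        echo "missing-config"; return 0
    fi
    ts="$(read_tunnel_status "$conf")" || { echo "unreadable-config"; return 0; }
    if [ -z "$ts" ]; then
        echo "unknown"
    elif [ "$ts" = "$CONNECTED_STATUS" ]; then
        echo "connected"
    else
        echo "not-connected($ts)"
    fi
}

# Jamf extension attributes read their value from <result>...</result> on stdout.
echo "<result>$(tunnel_state "$NSUSER_CONF")</result>"
```

A user with local admin rights can edit this file, so treat the value as a health signal and compare it with the server-side last_event data from api/v1/clients mentioned earlier in the thread.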


Thanks @kkasavchenko. I will see if we can create a Jamf script to check this.

