Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How do we prevent Users from stopping Netskope services in MacOS BigSur?

Go to solution
dphung
New Contributor II

‎08-27-2021 11:25 AM - last edited on ‎02-14-2023 10:33 AM by Community Manager

Hello,

 

About 90% of our users are on MacOS BigSur with full admin privileges on their laptop.  With older clients (v81 or below); users can simply go to Network Preferences and Click disconnect to stop Netskope from intercepting 80/443 traffic.  I have tested on client v87 and this issue has been fixed.  But we noticed that users are finding more creative ways to disable Netskope by doing the following in terminal:

(1) sudo chmod -x /Applications/Netskope\ Client.app/
(2) Activity Monitor --> Search for Netskope Client --> Force Quit

How do we prevent such actions?

Thanks!


Labels:
2 ACCEPTED SOLUTIONS
Go to solution
kkasavchenko
Netskope
Netskope
In response to dphung

‎09-02-2021 03:37 AM

Hi @dphung A possible solution might be to pull clients status using api/v1/clients API call. More information about this API endpoint and Netskope API in general can be found at https://docs.netskope.com/en/get-client-data.html The branch of JSON response that you are interested in is called last_event

View solution in original post

Go to solution
kkasavchenko
Netskope
Netskope
In response to dphung

‎09-02-2021 04:13 AM

One more solution that does not require API. You can check the tunnelStatus of /Library/Application\ Support/Netskope/STAgent/nsuser.conf file. When the tunnel is connected, the tunnelStatus should be "16".

View solution in original post

6 REPLIES 6
Go to solution
dphung
New Contributor II

‎08-27-2021 11:33 AM

I can also share that once your run the command above, restarting your laptop will not automatically restart the Netskope services.

0 Likes
Go to solution
sfoster
Netskope
Netskope

‎08-30-2021 08:09 AM - edited ‎08-30-2021 08:10 AM

Hi, @dphung, with full admin privileges there are many ways the client could be disabled, I have seen developers create a route to null on their PC just for the Netskope gateway address!!

 

I’m afraid I don’t have an answer except changing the user access levels or even employ some kind of conditional access policy that requires the Netskope client to be active?

Go to solution
dphung
New Contributor II

‎08-30-2021 03:06 PM

Thanks @sfoster .  Do you know of any script that we can run in Jamf or other environment that can check if the client is connecting to the Netskope gateway? 

Go to solution
kkasavchenko
Netskope
Netskope
In response to dphung

‎09-02-2021 03:37 AM

Hi @dphung A possible solution might be to pull clients status using api/v1/clients API call. More information about this API endpoint and Netskope API in general can be found at https://docs.netskope.com/en/get-client-data.html The branch of JSON response that you are interested in is called last_event

Go to solution
kkasavchenko
Netskope
Netskope
In response to dphung

‎09-02-2021 04:13 AM

One more solution that does not require API. You can check the tunnelStatus of /Library/Application\ Support/Netskope/STAgent/nsuser.conf file. When the tunnel is connected, the tunnelStatus should be "16".

Go to solution
dphung
New Contributor II

‎09-02-2021 02:07 PM

Thanks @kkasavchenko .  I will see if we can create a jamf script to check this.

In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below

Sign In