Ask the community

How do we prevent Users from stopping Netskope services in MacOS BigSur?

dphung
New Contributor II

Hello,

 

About 90% of our users are on MacOS BigSur with full admin privileges on their laptop.  With older clients (v81 or below); users can simply go to Network Preferences and Click disconnect to stop Netskope from intercepting 80/443 traffic.  I have tested on client v87 and this issue has been fixed.  But we noticed that users are finding more creative ways to disable Netskope by doing the following in terminal:

(1) sudo chmod -x /Applications/Netskope\ Client.app/
(2) Activity Monitor --> Search for Netskope Client --> Force Quit

How do we prevent such actions?

Thanks!


2 Solutions

Hi @dphung A possible solution might be to pull clients status using api/v1/clients API call. More information about this API endpoint and Netskope API in general can be found at https://docs.netskope.com/en/get-client-data.html The branch of JSON response that you are interested in is called last_event

View solution in original post

One more solution that does not require API. You can check the tunnelStatus of /Library/Application\ Support/Netskope/STAgent/nsuser.conf file. When the tunnel is connected, the tunnelStatus should be "16".

View solution in original post

6 Replies 6
dphung
New Contributor II

I can also share that once your run the command above, restarting your laptop will not automatically restart the Netskope services.

sfoster
Netskope
Netskope

Hi, @dphung, with full admin privileges there are many ways the client could be disabled, I have seen developers create a route to null on their PC just for the Netskope gateway address!!

 

I’m afraid I don’t have an answer except changing the user access levels or even employ some kind of conditional access policy that requires the Netskope client to be active?

dphung
New Contributor II

Thanks @sfoster .  Do you know of any script that we can run in Jamf or other environment that can check if the client is connecting to the Netskope gateway? 

Hi @dphung A possible solution might be to pull clients status using api/v1/clients API call. More information about this API endpoint and Netskope API in general can be found at https://docs.netskope.com/en/get-client-data.html The branch of JSON response that you are interested in is called last_event

One more solution that does not require API. You can check the tunnelStatus of /Library/Application\ Support/Netskope/STAgent/nsuser.conf file. When the tunnel is connected, the tunnelStatus should be "16".

dphung
New Contributor II

Thanks @kkasavchenko .  I will see if we can create a jamf script to check this.

Subscribe

In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below

Sign In