Netskope Community
08-27-2021 11:25 AM - last edited on 02-14-2023 10:33 AM by JulieB
Hello,
About 90% of our users are on macOS Big Sur with full admin privileges on their laptops. With older clients (v81 or below), users can simply go to Network Preferences and click Disconnect to stop Netskope from intercepting 80/443 traffic. I have tested on client v87 and this issue has been fixed. But we noticed that users are finding more creative ways to disable Netskope by doing the following in Terminal:
(1) sudo chmod -x /Applications/Netskope\ Client.app/
(2) Activity Monitor --> Search for Netskope Client --> Force Quit
How do we prevent such actions?
Thanks!
08-27-2021 11:33 AM
I can also share that once you run the command above, restarting your laptop will not automatically restart the Netskope services.
08-30-2021 08:09 AM - edited 08-30-2021 08:10 AM
Hi @dphung, with full admin privileges there are many ways the client could be disabled. I have seen developers create a route to null on their PC just for the Netskope gateway address!!
I’m afraid I don’t have an answer except changing the user access levels or even employing some kind of conditional access policy that requires the Netskope client to be active?
08-30-2021 03:06 PM
Thanks @sfoster. Do you know of any script that we can run in Jamf or another environment that can check if the client is connecting to the Netskope gateway?
09-02-2021 03:37 AM
Hi @dphung. A possible solution might be to pull client status using the api/v1/clients API call. More information about this API endpoint and the Netskope API in general can be found at https://docs.netskope.com/en/get-client-data.html. The branch of the JSON response that you are interested in is called last_event.
09-02-2021 04:13 AM
One more solution that does not require the API. You can check the tunnelStatus in the /Library/Application\ Support/Netskope/STAgent/nsuser.conf file. When the tunnel is connected, the tunnelStatus should be "16".
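One way to script this check for Jamf, combining the nsuser.conf tunnelStatus test with a permission check for the chmod -x case from the original question (an added example, not part of the thread and not Netskope's code). It assumes tunnelStatus appears in the file as a key followed by a number; the state names it reports are made up for this example.

```shell
#!/bin/sh
# Added example (not Netskope or Jamf code): extension attribute for the checks above.
# Paths and the connected value "16" are from the thread; the file layout is assumed.
NSUSER_CONF="${NSUSER_CONF:-/Library/Application Support/Netskope/STAgent/nsuser.conf}"
NSAPP="${NSAPP:-/Applications/Netskope Client.app}"
CONNECTED_STATUS="16"

# Print the tunnelStatus number found in file $1, or nothing if there is none.
# Accepts "tunnelStatus": "16", "tunnelStatus": 16 and tunnelStatus=16.
read_tunnel_status() {
    sed -n 's/.*"\{0,1\}tunnelStatus"\{0,1\}[[:space:]]*[:=][[:space:]]*"\{0,1\}\([0-9][0-9]*\)"\{0,1\}.*/\1/p' "$1" 2>/dev/null | head -n 1
}

# Map the file contents to a state. Any number other than 16 is treated as
# not connected (assumption: the thread only documents the connected value).
netskope_tunnel_state() {
    if [ ! -r "$1" ]; then
        echo "ConfigMissing"
        return
    fi
    ts=$(read_tunnel_status "$1")
    case "$ts" in
        "$CONNECTED_STATUS") echo "Connected" ;;
        "") echo "Unknown" ;;
        *) echo "Disconnected ($ts)" ;;
    esac
}

# Report whether any execute bit is left on the app bundle $1. The mode is read
# from ls output so the result does not depend on which user runs the script.
app_bundle_state() {
    [ -e "$1" ] || { echo "AppMissing"; return; }
    perms=$(ls -ld "$1" | cut -c1-10)
    case "$perms" in
        *x*|*s*|*t*) echo "AppExecutable" ;;
        *) echo "AppNotExecutable" ;;
    esac
}

# Jamf reads an extension attribute from <result> tags on stdout.
echo "<result>$(netskope_tunnel_state "$NSUSER_CONF"); $(app_bundle_state "$NSAPP")</result>"
```

Because a local admin can edit a local file, a result of "Connected" here is best cross-checked against the server-side client status from the API mentioned earlier in the thread.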
09-02-2021 02:07 PM
Thanks @kkasavchenko. I will see if we can create a Jamf script to check this.