Skip to content

Instantly share code, notes, and snippets.

@christopher-hopper

christopher-hopper/README.md

Last active October 14, 2025 23:46
Show Gist options
  • Save christopher-hopper/c8033839ef927a201feb8a8e8d256ed7 to your computer and use it in GitHub Desktop.
Save christopher-hopper/c8033839ef927a201feb8a8e8d256ed7 to your computer and use it in GitHub Desktop.
Download ZIP
macOS Zscaler stop
Raw
README.md

Disable macOS Zscaler

The following scripts can be used to disable common security compliance software that blocks access to the Internet on corporate managed macOS computers. These scripts will not uninstall the software.

You may be asked to enter a password for command operations that require elevated privileges via sudo. If you do not have permission to run commands as a root user with sudo then these scripts will not work for you.

The changes made by these scripts may be reset after reboot. Where a 'stop' script makes a change to prevent automatic restarts, a 'start' will be provided to reset any change back to normal.

Installation

Download the script as shown below.

curl -L https://gist.github.com/christopher-hopper/c8033839ef927a201feb8a8e8d256ed7/raw/zscaler-stop.sh -o zscaler-stop.sh && chmod ug+x $_

NOTE: Using curl to access gist.github.com may not work when Zscaler is running. If so, copy and paste the raw script contents to a new file and save it as zscaler-stop.sh.

TIP: Optionally, after download move the script into the /usr/local/bin folder so you can execute it from anywhere.

Usage

After downloading the script can be executed in the terminal.

Usage: zscaler-stop.sh

To stop Zscaler, in a terminal run the script with no arguments:

./zscaler-stop.sh

To restart Zscaler, run the script with the start argument:

./zscaler-stop.sh start

To check if Zscaler is listening and get usage help, run the script with the help argument:

./zscaler-stop.sh help
Raw
zscaler-stop.sh
#!/usr/bin/env bash
# vim: ai ts=2 sw=2 et sts=2 ft=sh
# Exit on error unless '|| true'.
#set -o errexit
# Exit on error inside subshells functions.
set -o errtrace
# Do not use undefined variables.
set -o nounset
# Catch errors in piped commands.
set -o pipefail
# Enable case-insensitive globbing
shopt -s nocaseglob
# Allow empty globs.
shopt -s nullglob
IFS=$' '
# Globals.
export Z_PROC="Zscaler"
export Z_APP="/Applications/Zscaler/Zscaler.app"
export Z_BIN="${Z_APP}/Contents/MacOS/Zscaler"
export Z_TNL="${Z_APP}/Contents/PlugIns/ZscalerTunnel"
export Z_SRV="${Z_APP}/Contents/PlugIns/ZscalerService"
## Stop Zscaler
#
# This function prevents Zscaler from being executed or restarted by
# changing the execute permissions of the Zscaler binary. It also
# stops the Zscaler process if it is running.
#
stop ()
{
local _zslaunchd
local _zsplist
# Prevent Zscaler from being executed or restarted.
echo -e "--- Disable: Zscaler app executables"
sudo chmod -vv a-x "${Z_BIN}"
sudo chmod -vv a-x "${Z_TNL}"
sudo chmod -vv a-x "${Z_SRV}"
echo -e "--- Kill: Zscaler"
sudo lsof -nP -t -c "/${Z_PROC}/i" | xargs -I{} sudo kill -9 {}
launchctl list | grep -i "${Z_PROC}" | tail -r | cut -f 3 | xargs -I{} sudo launchctl bootout "gui/$(id -u)/{}"
killall "${Z_PROC}" 2>/dev/null || true
}
## Start Zscaler
#
# This function enables Zscaler to be executed or restarted by changing the
# execute permissions of the Zscaler binary. It also restarts the Zscaler
# process if it is running.
#
start ()
{
# Allow Zscaler to be executed or restarted.
echo -e "--- Enable: Zscaler app executables"
sudo chmod -vv a+x "${Z_BIN}"
sudo chmod -vv a+x "${Z_TNL}"
sudo chmod -vv a+x "${Z_SRV}"
echo -e "--- Restart: Zscaler app"
killall "${Z_PROC}" 2>/dev/null || true
open -a "${Z_APP}" -g
echo -e "--- IMPORTANT: Reboot your laptop now to complete the Zscaler restart."
}
## Check Zscaler open network connections
#
# This function displays all open network connections used by Zscaler.
#
check ()
{
echo -e "--- Check: Zscaler open network connections"
sudo lsof +c0 -Pi -a -c "/${Z_PROC}/i"
echo -e ""
echo -e "--- Check: Zscaler app binary"
if [[ -x "${Z_BIN}" ]]; then
echo "ENABLED: ${Z_BIN}"
else
echo "DISABLED: ${Z_BIN}"
fi
echo -e "--- Check: end"
echo -e ""
}
# Main entry point.
#
# This function is called with the arguments passed to the script.
#
# @param $@ The arguments passed to the script.
#
# @example
# ./zscaler-stop.sh stop
# ./zscaler-stop.sh start
main ()
{
if [[ "${1:-stop}" = "stop" ]]; then
check
stop
elif [[ "${1:-}" = "start" ]]; then
start
else
check
echo "Usage: $0 [stop|start]" 1>&2
exit 1
fi
}
main "$@"
@christopher-hopper
Copy link
Author

christopher-hopper commented May 21, 2025
edited
Loading

How can I tell if Zscaler is running?

If you reboot macOS your system may attempt to restart the Zscaler proxy in the background, even though the Zscaler client application is not running. Check to see if the Zscaler proxy is actively listening with this command:

sudo lsof +c0 -Pi -a -c "/zscaler/i"

The command above will show all network connections open for "zscaler".

Zscaler proxy listens on port 9000. If you see Zscaler listening on port 9000 run the zscaler-stop.sh script again to kill it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment