Stop Zscaler Netskope or Cylance services on macOS

README.md

Disable macOS Cylance Zscaler or Netskope

The following scripts can be used to disable common security compliance software that blocks access to the Internet on corporate managed macOS computers. These scripts will not uninstall the software.

You may be asked to enter a password for command operations that require elevated privileges via sudo. If you do not have permission to run commands as a root user with sudo then these scripts will not work for you.

The changes made by these scripts may be reset after reboot. Where a 'stop' script makes a change to prevent automatic restarts, a 'start' script will be provided to reset any change back to normal.

Installation

Download the script/s to stop the relevant software shown below. You do not need to download all scripts. Only download the script that is relevant to you.

NOTE: Using curl to access gist.github.com may not work when Zscaler or Netskope are running. If so, use another method to download the script contents.

Zscaler stop/start

curl -L https://gist.github.com/christopher-hopper/c8033839ef927a201feb8a8e8d256ed7/raw/zscaler-stop.sh -o zscaler-stop.sh && chmod ug+x $_
curl -L https://gist.github.com/christopher-hopper/c8033839ef927a201feb8a8e8d256ed7/raw/zscaler-start.sh -o zscaler-start.sh && chmod ug+x $_

Netskope stop

curl -L https://gist.github.com/christopher-hopper/c8033839ef927a201feb8a8e8d256ed7/raw/netskope-stop.sh -o netskope-stop.sh && chmod ug+x $_

Cylance stop

curl -L https://gist.github.com/christopher-hopper/c8033839ef927a201feb8a8e8d256ed7/raw/cylance-stop.sh -o cylance-stop.sh && chmod ug+x $_

TIP: Optionally, after download move the script into the /usr/local/bin folder so you can execute it from anywhere.

Usage

After download and install the script can be executed in the terminal.

Usage: zscaler-stop.sh

In a terminal run the script:

./zscaler-stop.sh

To re-enable run the script:

./zscaler-start.sh

Usage: netskope-stop.sh

In a terminal run the script:

./netskope-stop.sh

After running the ./netskope-stop.sh script you will need to find and stop the Netskope Client proxy in your macOS System Settings.

1. Open macOS Apple menu 🍎 > System Setting dialog.
2. Click on 🌐 Network in the sidebar.
3. Click on VPN & Filters on the right.
4. Under Filters & Proxies find the Netskope Client Transparent Proxy and select it.
5. Once selected, use the minus button to remove it.

This will stop the transparent proxy from routing your traffic through Netskope.

Usage: cylance-stop.sh

In a terminal run the script:

./cylance-stop.sh

cylance-stop.sh

#!/usr/bin/env bash
# vim: ai ts=2 sw=2 et sts=2 ft=sh

# Exit on error unless '|| true'.
#set -o errexit
# Exit on error inside subshells functions.
set -o errtrace
# Do not use undefined variables.
set -o nounset
# Catch errors in piped commands.
set -o pipefail

# Allow empty globs.
shopt -s nullglob

IFS=$' '

main ()
{
  local _cylaunchd
  local _cyplist
  local _cykext
  local _procname

  _procname="cylance"

  # List launchd cylance services running.
  for _cylaunchd in $(launchctl list | grep -i "$_procname" | tail -r | cut -f 3); do
    echo -e "--- Remove: ${_cylaunchd}" 1>&2
    sudo launchctl stop "$_cylaunchd" || true
    sudo launchctl remove "$_cylaunchd" || true
  done

  # List launchd cyclance plist files.
  for _cyplist in /Library/LaunchDaemons/*"$_procname"*; do
    echo -e "--- Unload: ${_cyplist}" 1>&2
    sudo launchctl unload "$_cyplist" || true
  done

  echo -e "--- Kill: CylanceSvc" 1>&2
  killall CylanceSvc

  # List kextstat cylance kernel extensions.
  for _cykext in $(kextstat | grep -i "$_procname" | tr -s ' ' | tail -r | cut -d ' ' -f 7); do
    echo -e "--- Unload: ${_cykext}" 1>&2
    sudo kextunload -v 3 -b "$_cykext" || true
  done
}

main

netskope-stop.sh

#!/usr/bin/env bash
# vim: ai ts=2 sw=2 et sts=2 ft=sh

# Exit on error unless '|| true'.
#set -o errexit
# Exit on error inside subshells functions.
set -o errtrace
# Do not use undefined variables.
set -o nounset
# Catch errors in piped commands.
set -o pipefail

# Allow empty globs.
shopt -s nullglob

# Separator for expansion.
IFS=$' '

# Globals
# Set variables for current file, directory.
__dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
__file="${__dir}/$(basename "${BASH_SOURCE[0]}")"
__base="$(basename "${__file}" .sh)"
__invocation="$(printf %q "${__file}")$( (($#)) && printf ' %q' "$@")"

main ()
{
  local __launchd
  local __daemons_plist
  local __agents_plist
  local __proc_name
  __proc_name="netskope"

  # List launchd services running.
  for __launchd in $(launchctl list | grep -i "$__proc_name" | tail -r | cut -f 3); do
    echo -e "--- Remove: ${__launchd}" 1>&2
    sudo launchctl stop "$__launchd" || true
    sudo launchctl remove "$__launchd" || true
  done

  # List root LaunchDaemons plist files.
  for __daemons_plist in /Library/LaunchDaemons/*"$__proc_name"*; do
    echo -e "--- Unload: ${__daemons_plist}" 1>&2
    sudo launchctl unload "$__daemons_plist" || true
  done

  # List user LaunchAgents plist files.
  for __agents_plist in /Library/LaunchAgents/*"$__proc_name"*; do
    echo -e "--- Unload: ${__agents_plist}" 1>&2
    launchctl unload "$__agents_plist" || true
  done

  for __pid_num in $(sudo ps aux | grep -i "$__proc_name" | grep -v "$__base" | grep -v "grep" | tr -s ' ' | cut -d' ' -f 2); do
    echo -e "--- Kill: $__proc_name [$__pid_num]" 1>&2
    sudo kill -9 "$__pid_num" || true
  done
}

main

zscaler-start.sh

#!/usr/bin/env bash
# vim: ai ts=2 sw=2 et sts=2 ft=sh

# Exit on error unless '|| true'.
#set -o errexit
# Exit on error inside subshells functions.
set -o errtrace
# Do not use undefined variables.
set -o nounset
# Catch errors in piped commands.
set -o pipefail

# Allow empty globs.
shopt -s nullglob

IFS=$' '

main ()
{
  # Allow Zscaler to be executed or restarted.
  echo -e "--- Enable: Zscaler app" 1>&2
  sudo chmod a+x /Applications/Zscaler/Zscaler.app/Contents/MacOS/Zscaler

  echo -e "--- Restart: Zscaler" 1>&2
  killall Zscaler 2>/dev/null
  open -a /Applications/Zscaler/Zscaler.app -g
}

main

zscaler-stop.sh

#!/usr/bin/env bash
# vim: ai ts=2 sw=2 et sts=2 ft=sh

# Exit on error unless '|| true'.
#set -o errexit
# Exit on error inside subshells functions.
set -o errtrace
# Do not use undefined variables.
set -o nounset
# Catch errors in piped commands.
set -o pipefail

# Allow empty globs.
shopt -s nullglob

IFS=$' '

main ()
{
  local _zslaunchd
  local _zsplist
  local _procname

  _procname="zscaler"

  # Prevent Zscaler from being executed or restarted.
  echo -e "--- Disable: Zscaler app" 1>&2
  sudo chmod a-x /Applications/Zscaler/Zscaler.app/Contents/MacOS/Zscaler

  # List launchd zscaler services running.
  for _zslaunchd in $(launchctl list | grep -i "$_procname" | tail -r | cut -f 3); do
    echo -e "--- Remove: ${_zslaunchd}" 1>&2
    sudo launchctl stop "$_zslaunchd" || true
    sudo launchctl remove "$_zslaunchd" || true
  done

  # List launchd zscaler plugin plist files.
  for _zsplist in /Library/LaunchDaemons/*"$_procname"*; do
    echo -e "--- Unload: ${_zsplist}" 1>&2
    sudo launchctl unload "$_zsplist" || true
  done

  echo -e "--- Kill: Zscaler" 1>&2
  killall Zscaler
}

main

Netskope on macOS Ventura

After running the ./netskope-stop.sh you will need to find and stop the Netskope Client proxy in your macOS System Settings.

1. Open macOS Apple menu 🍎 > System Setting dialog.
2. Click on 🌐 Network in the sidebar.
3. Click on VPN & Filters on the right.
4. Under Filters & Proxies find the Netskope Client Transparent Proxy and select it.
5. Once selected, use the minus button to remove it.

This will stop the transparent proxy from routing your traffic through Netskope.