Disable Netskope client temporarily on your Mac

Share this:

If you are using a corporate machine with Netskope installed on it, you may face SSL handshake errors, especially with Java apps throwing up javax.net.ssl.SSLHandshakeException errors when getting certificates proxied by Netskope instead of the original certificates. Therefore, it is useful to be able to disable Netskope client temporarily. However, most corporate MDM policies takes away the capability for you to disable the Netskope client from its UI.

Can’t disable Netskope from the UI

But fret not, there still is a way to disable Netskope, though it require you to dance a little on the terminal and Activity Monitor.

Disable Netskope Client

Before I start, a short disclaimer. Do this at your own risk. If you’re not sure why you are doing this, don’t.

1. Unload the Netskope service

Open up Terminal (or iTerm2) and use the following command to unload the Netskope service. This will require your user id to have administrator rights. If you don’t, then unfortunately you are out of luck in trying to disable Netskope on your machine.

sudo launchctl unload /Library/LaunchDaemons/com.netskope.client.auxsvc.plist
Unload Netskope service using terminal

The command should not display any output and will temporarily unload the Netskope service until you manually load the service again, or restart your Mac. If the service has already been disabled, you will see an error stating that it cannot find the service.

powerlevel10k zsh theme on item

Want to get the same terminal experience as you see in the screenshot above? Check out my macOS set up for coding guide here now!

2. Force quit the Netskope client on Activity Monitor

Open up Activity Monitor and search for Netskope using the search bar. This next step is important. Double click on the NetSkope Client process and to get to the process’ dialog box.

Quit Netskope client using Activity Monitor

I’ve tried both force quitting the client from the main screen and as well as from the process’ own dialog box. It seems that it will only properly quit when you do that from the dialog box. When you click on the Quit button, select to Force quit the Netskope client.

Force quit Netskope client
Error, group does not exist! Check your syntax! (ID: “2”)

Once you have done that, you should see that Netskope is now temporarily disabled, even if the client still starts back up. Most corporate MDMs will auto-restart the Netskope client.

Netskope is now temporarily disabled

3. Check the certificates to confirm Netskope is temporarily disabled

You can easily check if your internet traffic is still being proxied through Netskope or not. Open up Safari and load up google.com (or any other websites for that matter) and check the certificate. When Netskope is enabled, you would see that the certificate will have is one that is generated by Netskope.

Netskope generated TLS certs

But when you disable Netskope successfully, you will see the original certificates again.

Original certificate after disabling Netskope

Enabling back Netskope

To enable back Netskope, just reload the Netskope service using the following command and force quit the Netskope client again as per the instructions above. You should see Netskope running back up again as it was.

sudo launchctl load /Library/LaunchDaemons/com.netskope.client.auxsvc.plist

If this post has been useful, support me by buying me a latte or two 🙂
Buy Me A Coffee
Share this:

You may also like...

2 Responses

  1. Jeff says:

    There is a typo in your code:
    Should be com.netskope.client.auxsvc.plist
    There’s a dash instead of a period.

  2. Ken Ng says:

    Thanks for spotting it!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.