Disable Netskope client temporarily on your Mac
If you are using a corporate machine with Netskope installed on it, you may face SSL handshake errors, especially with Java apps throwing up javax.net.ssl.SSLHandshakeException errors when getting certificates proxied by Netskope instead of the original certificates. Therefore, it is useful to be able to disable Netskope client temporarily. However, most corporate MDM policies takes away the capability for you to disable the Netskope client from its UI.
But fret not, there still is a way to disable Netskope, though it require you to dance a little on the terminal and Activity Monitor.
Disable Netskope Client
Before I start, a short disclaimer. Do this at your own risk. If you’re not sure why you are doing this, don’t.
1. Unload the Netskope service
Open up Terminal (or iTerm2) and use the following command to unload the Netskope service. This will require your user id to have administrator rights. If you don’t, then unfortunately you are out of luck in trying to disable Netskope on your machine.
sudo launchctl unload /Library/LaunchDaemons/com.netskope.client.auxsvc-plist
The command should not display any output and will temporarily unload the Netskope service until you manually load the service again, or restart your Mac. If the service has already been disabled, you will see an error stating that it cannot find the service.
Want to get the same terminal experience as you see in the screenshot above? Check out my macOS set up for coding guide here now!
2. Force quit the Netskope client on Activity Monitor
Open up Activity Monitor and search for Netskope using the search bar. This next step is important. Double click on the NetSkope Client process and to get to the process’ dialog box.
I’ve tried both force quitting the client from the main screen and as well as from the process’ own dialog box. It seems that it will only properly quit when you do that from the dialog box. When you click on the Quit button, select to Force quit the Netskope client.
Once you have done that, you should see that Netskope is now temporarily disabled, even if the client still starts back up. Most corporate MDMs will auto-restart the Netskope client.
3. Check the certificates to confirm Netskope is temporarily disabled
You can easily check if your internet traffic is still being proxied through Netskope or not. Open up Safari and load up google.com (or any other websites for that matter) and check the certificate. When Netskope is enabled, you would see that the certificate will have is one that is generated by Netskope.
But when you disable Netskope successfully, you will see the original certificates again.
Enabling back Netskope
To enable back Netskope, just reload the Netskope service using the following command and force quit the Netskope client again as per the instructions above. You should see Netskope running back up again as it was.
sudo launchctl load /Library/LaunchDaemons/com.netskope.client.auxsvc-plist
If this post has been useful, support me by buying me a latte or two 🙂