Skip to content

Instantly share code, notes, and snippets.

@christopher-hopper

christopher-hopper/README.md

Last active December 30, 2025 17:29
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save christopher-hopper/c8033839ef927a201feb8a8e8d256ed7 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save christopher-hopper/c8033839ef927a201feb8a8e8d256ed7 to your computer and use it in GitHub Desktop.
Download ZIP
macOS Zscaler stop | disable Zscaler on mac
Raw
README.md

Disable macOS Zscaler

The following script can be used to disable Zscaler on macOS. Zscaler is software that blocks access to Internet resources on corporate managed computers. These scripts will not uninstall the Zscaler software.

You may be asked to enter a password for command operations that require elevated privileges via sudo. If you do not have permission to run commands with sudo then these scripts will not work for you.

Where the script makes a change to prevent automatic restarts, a 'start' action has been provided to reset those changes back to normal, so Zscaler can restart normally after a reboot.

Installation

Download and install the script using curl as shown below.

curl -L https://gist.github.com/christopher-hopper/c8033839ef927a201feb8a8e8d256ed7/raw/zscaler-stop.sh -o zscaler-stop.sh && chmod ug+x $_

NOTE: Using curl to access gist.github.com may not work when Zscaler is running. If so, copy and paste the raw script contents to a new file and save it as zscaler-stop.sh.

TIP: Optionally, after download move the script into the /usr/local/bin folder so you can execute it from anywhere.

Usage

After downloading the script can be executed in the terminal.

Usage: zscaler-stop.sh

To stop Zscaler, in a terminal run the script with no arguments:

./zscaler-stop.sh

To restart Zscaler, run the script with the start argument:

./zscaler-stop.sh start

To check if Zscaler is listening and get usage help, run the script with the help argument:

./zscaler-stop.sh help
Raw
zscaler-stop.sh
#!/usr/bin/env bash
# vim: ai ts=2 sw=2 et sts=2 ft=sh
# Exit on error unless '|| true'.
#set -o errexit
# Exit on error inside subshells functions.
set -o errtrace
# Do not use undefined variables.
set -o nounset
# Catch errors in piped commands.
set -o pipefail
# Enable case-insensitive globbing
shopt -s nocaseglob
# Allow empty globs.
shopt -s nullglob
IFS=$' '
# Globals.
export Z_APPNAME="Zscaler"
export Z_PLUGINS="ZDP"
export Z_APP="/Applications/Zscaler/Zscaler.app"
export Z_BIN="${Z_APP}/Contents/MacOS/Zscaler"
export Z_TNL="${Z_APP}/Contents/PlugIns/ZscalerTunnel"
export Z_SRV="${Z_APP}/Contents/PlugIns/ZscalerService"
## Stop Zscaler
#
# This function prevents Zscaler from being executed or restarted by
# changing the execute permissions of the Zscaler binary. It also
# stops the Zscaler app if it is running.
#
stop ()
{
local _zslaunchd
local _zsplist
# Prevent Zscaler from being executed or restarted.
echo -e "--- Disable: Zscaler app executables"
sudo chmod -vv a-x "${Z_BIN}"
sudo chmod -vv a-x "${Z_TNL}"
sudo chmod -vv a-x "${Z_SRV}"
echo -e "--- Kill: Zscaler"
sudo lsof -nP -t -c "/${Z_APPNAME}|${Z_PLUGINS}/i" | xargs -I{} sudo kill -9 {}
sudo launchctl list | grep -i -e "${Z_APPNAME}" -e "${Z_PLUGINS}" | cut -f 3 | xargs -I{} sudo launchctl bootout "system/{}"
launchctl list | grep -i -e "${Z_APPNAME}" -e "${Z_PLUGINS}" | cut -f 3 | xargs -I{} sudo launchctl bootout "gui/$(id -u)/{}"
killall "${Z_APPNAME}" 2>/dev/null || true
}
## Start Zscaler
#
# This function enables Zscaler to be executed or restarted by changing the
# execute permissions of the Zscaler binary. It also starts the Zscaler app
# if it is not running.
#
start ()
{
# Allow Zscaler to be executed or restarted.
echo -e "--- Enable: Zscaler app executables"
sudo chmod -vv a+x "${Z_BIN}"
sudo chmod -vv a+x "${Z_TNL}"
sudo chmod -vv a+x "${Z_SRV}"
echo -e "--- Restart: Zscaler app"
killall "${Z_APPNAME}" 2>/dev/null || true
open -a "${Z_APP}" -g
echo -e "--- IMPORTANT: Reboot your laptop now to complete the Zscaler restart."
}
## Check Zscaler connections and processes
#
# This function displays open network connections used by Zscaler.
#
check ()
{
echo -e "--- Check: Zscaler open network connections"
sudo lsof +c0 -Pi -a -c "/${Z_APPNAME}/i"
echo -e ""
echo -e "--- Check: Zscaler running processes"
sudo lsof -nP -t -c "/${Z_APPNAME}|${Z_PLUGINS}/i" | xargs -n1 -I{} ps -p {} -o pid=,command=
echo -e ""
echo -e "--- Check: Zscaler app binary"
local bin
for bin in "${Z_BIN}" "${Z_TNL}" "${Z_SRV}"; do
if [[ -x "${bin}" ]]; then
echo "ENABLED: ${bin}"
else
echo "DISABLED: ${bin}"
fi
done
echo -e ""
echo -e "--- Check: end"
echo -e ""
}
# Main entry point.
#
# This function is called with the arguments passed to the script.
#
# @param $@ The arguments passed to the script.
#
# @example
# ./zscaler-stop.sh stop
# ./zscaler-stop.sh start
main ()
{
if [[ "${1:-stop}" = "stop" ]]; then
check
stop
elif [[ "${1:-}" = "start" ]]; then
start
else
check
echo "Usage: $0 [stop|start]" 1>&2
exit 1
fi
}
main "$@"
@christopher-hopper
Copy link
Author

christopher-hopper commented May 21, 2025
edited
Loading

How can I tell if Zscaler is running?

If you reboot macOS your system may attempt to restart the Zscaler proxy in the background, even though the Zscaler client application is not running. Check to see if the Zscaler proxy is actively listening with this command:

sudo lsof +c0 -Pi -a -c "/zscaler/i"

The command above will show all network connections open for "zscaler".

Zscaler proxy listens on port 9000. If you see Zscaler listening on port 9000 run the zscaler-stop.sh script again to kill it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment