Skip to content

Instantly share code, notes, and snippets.

@christopher-hopper

christopher-hopper/README.md

Last active March 13, 2026 01:10
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save christopher-hopper/c8033839ef927a201feb8a8e8d256ed7 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save christopher-hopper/c8033839ef927a201feb8a8e8d256ed7 to your computer and use it in GitHub Desktop.
Download ZIP
macOS Zscaler stop | disable Zscaler on mac
Raw
README.md

Disable macOS Zscaler

The following script can be used to disable Zscaler on macOS. Zscaler is corporate spyware and security software that controls access to Internet resources and spoofs TLS certificates to allow inspection of encrypted communications on corporate managed computers.

This script will not uninstall the Zscaler software.

You may be asked to enter a password for command operations that require elevated privileges via sudo. If you do not have permission to run commands with sudo then these scripts will not work for you.

Where the script makes a change to prevent automatic restarts, a 'start' action has been provided to reset those changes back to normal, so Zscaler can restart normally after a reboot.

Installation

Download and install the script using curl as shown below.

curl -L https://gist.github.com/christopher-hopper/c8033839ef927a201feb8a8e8d256ed7/raw/zscaler-stop.sh -o zscaler-stop.sh && chmod ug+x $_

NOTE: Using curl to access gist.github.com may not work when Zscaler is running. If so, copy and paste the raw script contents to a new file and save it as zscaler-stop.sh.

TIP: Optionally, after download move the script into the /usr/local/bin folder so you can execute it from anywhere.

Usage

After downloading the script can be executed in the terminal.

Usage: zscaler-stop.sh

To stop Zscaler, in a terminal run the script with no arguments:

./zscaler-stop.sh

To restart Zscaler, run the script with the start argument:

./zscaler-stop.sh start

To check if Zscaler is listening and get usage help, run the script with the help argument:

./zscaler-stop.sh help
Raw
zscaler-stop.sh
#!/usr/bin/env bash
# vim: ai ts=2 sw=2 et sts=2 ft=sh
# Exit on error unless '|| true'.
#set -o errexit
# Exit on error inside subshells functions.
set -o errtrace
# Do not use undefined variables.
set -o nounset
# Catch errors in piped commands.
set -o pipefail
# Enable case-insensitive globbing
shopt -s nocaseglob
# Allow empty globs.
shopt -s nullglob
IFS=$' '
# Globals.
export Z_APPNAME="Zscaler"
export Z_PLUGINS="ZDP"
export Z_APP="/Applications/Zscaler/Zscaler.app"
export Z_BIN="${Z_APP}/Contents/MacOS/Zscaler"
export Z_TNL="${Z_APP}/Contents/PlugIns/ZscalerTunnel"
export Z_SRV="${Z_APP}/Contents/PlugIns/ZscalerService"
## Stop Zscaler
#
# Prevents Zscaler from being executed or restarted by removing execute
# permissions and stopping all associated services and processes.
#
stop ()
{
local _zslaunchd
local _zsplist
# Prevent Zscaler from being executed or restarted.
echo -e "--- Disable: Zscaler app executables"
sudo chmod -vv a-x "${Z_BIN}"
sudo chmod -vv a-x "${Z_TNL}"
sudo chmod -vv a-x "${Z_SRV}"
echo -e "--- Kill: Zscaler"
sudo lsof -nP -t -c "/${Z_APPNAME}|${Z_PLUGINS}/i" | xargs -I{} sudo kill -9 {}
sudo launchctl list | grep -i -e "${Z_APPNAME}" -e "${Z_PLUGINS}" | cut -f 3 | xargs -I{} sudo launchctl bootout "system/{}"
launchctl list | grep -i -e "${Z_APPNAME}" -e "${Z_PLUGINS}" | cut -f 3 | xargs -I{} sudo launchctl bootout "gui/$(id -u)/{}"
killall "${Z_APPNAME}" 2>/dev/null || true
}
## Start Zscaler
#
# Enables Zscaler by restoring binary execute permissions and restarts the
# app. A system reboot is recommended for a full service restoration.
#
start ()
{
# Allow Zscaler to be executed or restarted.
echo -e "--- Enable: Zscaler app executables"
sudo chmod -vv a+x "${Z_BIN}"
sudo chmod -vv a+x "${Z_TNL}"
sudo chmod -vv a+x "${Z_SRV}"
echo -e "--- Restart: Zscaler app"
killall "${Z_APPNAME}" 2>/dev/null || true
open -a "${Z_APP}" -g
echo -e "--- IMPORTANT: Reboot your laptop now to complete the Zscaler restart."
}
## Check Zscaler status
#
# Displays active Zscaler network connections, running processes, and the
# current execution status of its core binaries.
#
check ()
{
echo -e "--- Check: Zscaler open network connections"
sudo lsof +c0 -Pi -a -c "/${Z_APPNAME}/i"
echo -e ""
echo -e "--- Check: Zscaler running processes"
sudo lsof -nP -t -c "/${Z_APPNAME}|${Z_PLUGINS}/i" | xargs -n1 -I{} ps -p {} -o pid=,command=
echo -e ""
echo -e "--- Check: Zscaler app binary"
local bin
for bin in "${Z_BIN}" "${Z_TNL}" "${Z_SRV}"; do
if [[ -x "${bin}" ]]; then
echo "ENABLED: ${bin}"
else
echo "DISABLED: ${bin}"
fi
done
echo -e ""
echo -e "--- Check: end"
echo -e ""
}
## Main entry point.
#
# Parse command-line arguments to execute script operations.
#
# @param $1 The operation to perform, default operation is "stop"
#
# @example
# main "stop"
# main "start"
main ()
{
if [[ "${1:-stop}" = "stop" ]]; then
check
stop
elif [[ "${1:-}" = "start" ]]; then
start
else
check
echo "Usage: $0 [stop|start|help]" 1>&2
exit 1
fi
}
main "$@"
@christopher-hopper
Copy link
Author

christopher-hopper commented Mar 13, 2026

Thanks for this great script! Any chance this can be utilized outside of terminal? I was thinking about running this as via automator or script editor but when I tried to do this it ran into permission issues.

@elykrk the script could be used outside the terminal with something like Automator for Mac, or with a Launch Daemon plist file to run at boot time (RunAtLoad) or on a set interval (StartInterval), etc.. However you choose, in all cases the script does need elevated privileges in order to do what it needs to do.

In Automator you can run a shell script with elevated privileges using oascript which will ask for a password before it runs the script. This might not work though if you don't want to enter the password every time it is run.

Another option would be to configure your system's sudoers to allow elevated privileges, just for this script, without asking for a password. This would allow you (or anyone) to run the script and not ask for a password. With that in place, you can then use Automator and not have to enter a password at all. The only thing to be careful with here, is locking down the script file itself, so nobody can edit it without your knowledge. A shell script that runs as root without a password is a dangerous thing if left open for anyone to edit.

Does that help?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment