Skip to main content

Netskope Help

Netskope Client Hardening

Netskope Client provides various hardening options to ensure its smooth operation. This document provides insights into the hardening features of the Netskope Client installed on devices running Windows 10 or later. By using the Client hardening options, you can prevent users with elevated permissions from altering Client files and services and ensuring that the full functionality of security features offered by Netskope is available to you.

Netskope Client can be installed on end user devices as a non-intrusive application that facilitates a seamless user experience and steering configured end user traffic to Netskope Cloud. By design, the Netskope Client establishes a tunnel to Netskope Cloud by choosing the nearest POP (data center). This ensures the following:

  • Configured traffic from the client is steered via an optimal path to connect to Netskope POP.

  • The complete benefits of Netskope security services are available to the customers.

Depending on an organization's IT policy, end users may or may not have administrative rights on their respective system. An end user with administrative privileges has access and controls to alter the default configuration of the Client and its services installed on their devices. This can affect the normal functioning of the Netskope Client and may be detrimental to the organizations’ security policies.

Netskope Client Hardening Options

The following hardening options are available for ensuring smooth operation of Netskpe Client on end user devices running Windows 10 or later.

  • Tamperproofing

  • Configuration Encryption

  • Self Protection

Tamperproofing Netskope Client

The following tamperproof options are available as part of the Client configuration. To learn more, see the Tamperproof section of the Client Configuration article.

  • Disabling or enabling Client

  • Password protection to prevent unauthorized uninstallation of the Client

  • Block all traffic if the Client tunnel is not established

Client Configuration Encryption

The Client configuration files generated in the admin configuration and downloaded by the client can be encrypted. To enable encryption, reach out to Netskope Support.

Self Protection of Client Process and Files

When self-protection is enabled, users with elevated permissions are prevented from altering any sub-part (files, folders, and process) of the Netskope Client installation. To enable self-protection, reach out to Netskope customer support. When enabled, self-protection synced across all client configurations.