ZScaler - cannot stop the service without passwords

Asked 29/3, 2023 at 9:22 Answered 19/6, 2024 at 12:11

I have installed a ZScaler client to be able to access my client's network remotely.
I got their username and passwords and it seems it is working, but it cut off me from my network and disabled many important services (according to the client's network policy), including my mail.
I do not have ZScaler Logout nor Uninstall password, but I have Administrator rights on my (own) computer.

I wanted to stop this service, but it is very tough (resilient to Task Manager and Services) operation.
That means when I kill ZScaler from Task Manager, it reappears. In Services, Stop command is disabled (grayed). I tried to kill it from command line (taskkill PID), but it reappears again!

(Luckily, I can access internet to write this question.)

Sweatband answered 29/3, 2023 at 9:22 Comment(0)

I have found a very satisfying solution here:

If you have admin rights, you can disable it under Powershell.

List the status:
Get-NetAdapterBinding -AllBindings -ComponentID ZS_ZAPPRD

Disable:
Get-NetAdapterBinding -AllBindings -ComponentID ZS_ZAPPRD | Disable-NetAdapterBinding

Enable:
Get-NetAdapterBinding -AllBindings -ComponentID ZS_ZAPPRD | Enable-NetAdapterBinding

Sweatband answered 29/3, 2023 at 9:55 Comment(5)

This is awesome, thank you! Does disabling persist through System Reboots? – Apomixis 17/11, 2023 at 9:45

This does not appear to work, there is no NetAdapterBinding with that name, or any name related to zscaler :/ – Coruscation 23/11, 2023 at 6:20

It was working the time the question was asked, unfortunately currently it seems that ZScaler uses some different technique to intercept network traffic – Jaret 23/2, 2024 at 16:39

It is possible that this is not working for a newer versions, I do not have it to check. – Sweatband 1/3, 2024 at 9:23

Can't believe it worked! I ran Powershell as an admin. – Boettcher 2/3, 2024 at 9:21

there are also some hidden adapters, for example your IKEv2 miniport adapter - a VPN directly from windows and it will not work unless you disable the bindings as well and these adapters are hidden: so, the above command set should be changed to: Get-NetAdapterBinding -AllBindings -ComponentID ZS_ZAPPRD -IncludeHidden | Disable-NetAdapterBinding

How to remove the binding I was not able to figure out, but just only disabling bindings effectively disables the app. The only danger is that it reports everything so it will also report that there are no traffic from this laptop or PC, so you will be caught anyway. More effective is to switch to other - clean hardware

Ecumenical answered 14/6, 2024 at 17:12 Comment(0)

To disable all the Zsaler services : Rename the "Zscaler" folder in "C:\Program Files (x86)" and restart your computer.

For example : "C:\Program Files (x86)\Zscaler" become "C:\Program Files (x86)\Zscaler_disable"

To enable zsaler again : Rename the "Zscaler" folder with the right original name and restart your computer.

Lumpen answered 19/6, 2024 at 12:11 Comment(0)

Recommended topics

Hot tags