Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Health Check for macOS

  1. Last updated
  2. Save as PDF

The End-to-End (E2E) health check feature monitors an endpoint to identify any failure scenarios in the Skyhigh Client that may prevent it from securing that endpoint. This feature will enable users to detect insecure and non-compliant endpoints, enables administrators to take corrective actions. If a health check fails, the Skyhigh Client will report the status as E2E health check failed and will automatically generate a Merlog. 

NOTE: The Skyhigh Client supports End-to-End Health Check only on macOS. 

How it Works?

Skyhigh Client consists of two primary components: scpd and the extension. The extension monitors web traffic according to a configured policy and forwards it to scpd. scpd then passes this traffic to the proxy. Once the proxy processes the request, scpd receives the response and sends it back to the extension, which delivers it to applications such as web browsers. The End-to-End Health Check verifies this entire data flow.

To validate the flow, scpd launches a child process that makes a web request to a specific address defined in the extension’s interception rules. If the extension is functioning correctly, it intercepts the request and forwards it to scpd, which then sends the traffic to the proxy. scpd processes the proxy’s response and adds special headers exclusively for the health check request generated by the child process. This modified response is sent back to the extension, which delivers it to the child process. The child process then examines the response for the special headers and informs scpd whether the health check has passed or failed.

Merlog Capture on E2E Check Failure

A Merlog is captured during a health-check failure and is only captured again after a successful check followed by another failure.  If the previous Merlog is less than an hour old, no new Merlog is created. Merlogs older than one hour are deleted during a new capture, ensuring that only one recent Merlog is retained at any given time.

Start and Stop the E2E Health Check

The health check is enabled by default. To disable it, add stop.scphealthcheck.internal to the policy's bypass list. 

Navigate to Skyhigh Client > Configuration > Client Profile > For traffic on non-redirected ports. 

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    This page has no tags.