SCP Extension Details

Last updated
Save as PDF

Client Proxy leverages Apple’s Network Extension Framework to manage and secure network traffic on macOS devices. It includes two extension processes, activated based on policy configurations and responsible for specific capabilities.

com.trellix.CMF.networkextension
com.skyhighsecurity.epclient.networkextension

com.trellix.CMF.networkextension	com.skyhighsecurity.epclient.networkextension
This extension is always installed.	This extension installs and activates only if the policy includes either FWaaS (Firewall-as-a-Service) configuration or Private App (PA) traffic with UDP.
Includes the capabilities: NETransparentProxyProvider and NEFilterDataProvider	Includes the capabilities: NEPacketTunnelProvider and NEFilterDataProvider
NETransparentProxyProvider Redirects web traffic and Private Access TCP traffic to the configured proxy. Enforces consistent routing and policy for HTTP/HTTPS and selected TCP flows. Blocks UDP and IPv6 traffic when specified in the SCP policy.	NEPacketTunnelProvider Intercepts IP-layer traffic for tunneling (VPN-style routing). Forwards Private App traffic securely, especially UDP flows that need deeper control.
NEFilterDataProvider Monitors DNS responses to maintain real-time domain-to-IP mappings for traffic enforcement. Blocks processes for traffic on non-redirected ports.	NEFilterDataProvider Monitors DNS responses to track domain resolution. Supports consistent policy enforcement in tunneled traffic scenarios.

NOTE: The com.trellix.CMF.endpointsecurity extension is installed only with the DLP (Data Loss Prevention) product. It is used exclusively by DLP and does not handle or enforce any SCP network traffic. The com.skyhighsecurity.epclient.networkextension extension is installed and activated only when Private Access UDP (PA UDP) or Firewall-as-a-Service (FWaaS) is used.