Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

SCP 4.8.0 Delta handout

 

► Apply a different SSE policy to SCP via ePOs

Skyhigh Client Proxy can be configured to pull policies from SSE policy using Trellix Onprem/SaaS ePOs. This can help users to migrate to different policies without the help of any other deployment tools if Trellix Agent is already present in the endpoint. Earlier Once SSE policy is applied in SCP, SCP rejects all the policy updates from ePO. Now SCP accepts ePO policy update from even if an SSE policy is applied in SCP provided the below conditions are satisfied.

  • The ePO policy name should be different that the currently applied SCP SSE policy.
  • The ePO policy should have “Download Policy From Skyhigh SSE” option be enabled

For example, let’s say an SSE Policy called SSEPolicy1 is applied to SCP and the customer wants to apply another SSE policy SSEPolicy2 to the same endpoint. We can achieve this with the help of this feature. For this, admin needs to create a policy named SSEPolicy2 in SSE with the desired changes(if not already existing). The next step is to create an ePO policy with the same name SSEPolicy2, same Shared Secret and enable “Download Policy From Skyhigh SSE” checkbox in the ePO policy. Push this policy to SCP via ePO, after accepting the ePO Policy SCP pulls SSEPolicy2 from SSE and applies it.

► Supports Cloud Firewall Features on macOS

You can now enable Cloud Firewall connection on the SCP Clients running macOS to securely connect to the Skyhigh Cloud Firewall and stay protected.
Configure Skyhigh Client Proxy to support these Cloud Firewall key capabilities:

  • Perform a deeper level inspection of network traffic and protect against malicious traffic.
  • Enforce Cloud Firewall policy based on IP addresses and domains to filter your network traffic.

Please refer to below links:

► Supports macOS Sonoma 

Client Proxy works on Sonoma when IPv6 is disabled. Earlier MacOS versions without Ipv6 disable worked fine because they allowed fallback to IPv4 if IPv6 was blocked. Sonoma has changed this behaviour and traffic is not falling back to IPv4 if IPv6 is blocked. Fo details, see Prerequisites for Using SCP in macOS Sonoma.

IPv6 can be disabled manually or through MDM.

To disable IPv6, run the following command in the terminal window:
sudo networksetup -listallnetworkservices

This will list all of your network interfaces and their names. Identify the network interface you are using, most commonly Ethernet or Wi-Fi. Use the following command in the terminal window to disable IPv6 on that interface. Please note that you may have to use quote marks to envelope the interface name.

A few examples:
sudo networksetup -setv6off Ethernet
sudo networksetup -setv6off Wi-Fi

You will be prompted to enter your OS X administrator password. Afterwards, IPv6 will be disabled.

► Skyhigh Rebranding changes (Bug Fix on macOS)

SCP Distribution Package - The SCP distribution package (DMG) on macOS had McAfee reference. Changed to SCP.

clipboard_e930367b97980c00f8d86cf46218c1f83.png

  • Was this article helpful?