Bypass Endpoint Protection Web Traffic Redirection on macOS clients
search cancel

Bypass Endpoint Protection Web Traffic Redirection on macOS clients


Article ID: 176364


Updated On:


Endpoint Protection Cloud Secure Web Gateway - Cloud SWG


Some 3rd party applications, such as SSL VPN clients, do not support connecting though a loopback proxy. This document provides information on adding a list of one or more addresses to bypass to the proxy.pac file hosted by the Symantec Endpoint Protection (SEP) client Web Traffic Redirection (WTR) Local Proxy Service (LPS).


Apple macOS


On SEP for Mac clients which are using WTR, this bypass functionality can be achieved by updating the local proxy.pac and restarting the LPS component. You need to have admin permission to carryout the changes to your client system.

Configure the Proxy Auto Configuration (PAC) file

The local proxy.pac can be found in the following path:

  • Library/Application Support/Symantec/Silo/MES/WTR

This file can be replaced with a modified proxy.pac created and validated similar to Windows clients - refer to Bypass Endpoint Protection Web Traffic Redirection using LPSFlags.exe

Use the PAC File Management Service (PFMS) PAC file

  1. Add the required addresses to the Bypassed Sites in the WSS portal (see Add sites to the bypass list in Web Security Service for more information on configuring Bypassed Sites)
  2. To export the PFMS PAC file:
    1. Browse to and log in to your WSS account
    2. Click Service > Mobility > PAC File Management, click on the correctly configured PAC file, and click Download
    3. Save the file to an accessible folder as proxy.pac, and open the saved file in a text editor
    4. Add the following lines to the start of the FindProxyForURL method:
      if (shExpMatch(url, 'http://captive*'))
          return 'DIRECT';
    5. Then replace the line
      return "PROXY ";
      return 'PROXY localhost:<<port>>';
    6. Re-save the file and copy over to the macOS clients in question

Refer to the attached sample proxy.pac file. 

Replace the PAC file

  1. Rename the existing proxy.pac file to proxy.pac.bak within the Library/Application Support/Symantec/Silo/MES/WTR folder
  2. Replace the proxy.pac in folder Library/Application Support/Symantec/Silo/MES/WTR with the modified proxy.pac file.
  3. Unload the LPS component using following command from terminal:
    sudo launchctl unload /Library/LaunchDaemons/*plist
  4. Check the SymSepLps component is unloaded using Activity Monitor 
  5. Load the LPS component using following command from terminal:
    sudo launchctl load /Library/LaunchDaemons/*plist
  6. Check the SymSepLps component is loaded using Activity Monitor
  7. Wait for couple of minutes, then download a copy of the LPS PAC file from http://localhost:2968/proxy.pac to confirm the changes


proxy.pac get_app