Skip to main content
Skip table of contents

macOS Agent FAQs

VPN

Why does the HYAS Protect agent stop working on macOS when a VPN connection is established?

When using full-tunnel VPNs like Palo Alto GlobalProtect (with split tunneling disabled), macOS overrides system DNS settings to prioritize internal VPN resolvers. As a result, the loopback DNS proxy used by the HYAS Protect agent (typically at 127.0.0.1:53) may be bypassed, preventing DNS queries from being inspected or sent to HYAS.

Does this issue affect Windows devices too?

No. On Windows, the DNS resolver stack handles multiple entries differently and typically continues to allow DNS traffic to reach the HYAS Protect agent — even after a VPN connection is made — provided the agent is installed and the VPN configuration is consistent with supported use cases.

Is this a HYAS-specific issue?

No, this behavior stems from how macOS handles DNS precedence and system routing when VPN connections are active. Many local DNS-based security solutions experience similar behavior unless explicitly accounted for in the VPN or OS configuration.

How can I confirm if this issue is occurring on my macOS device?

Run the following command in Terminal after connecting to the VPN:

CODE 
scutil --dns

  • Look for 127.0.0.1 under the list of resolvers.

  • If it's missing or deprioritized, the agent is likely being bypassed.

To test it directly:

CODE 
dig @127.0.0.1 example.com

  • If no response is returned, system DNS queries are not going through the local proxy.

What are the recommended workarounds to restore functionality on macOS while using a VPN?

You have a few options:

  1. Use a split-tunnel or split-DNS VPN configuration

    • This allows DNS queries meant for HYAS to bypass the VPN and reach the agent.

  2. Manually configure macOS to prioritize the local DNS proxy

    • Create a custom resolver under /etc/resolver/

    • Or apply a network configuration profile that enforces DNS settings.

  3. Engage your VPN administrator

    • Ask if GlobalProtect or your VPN solution supports "No DNS Override" or similar policies that preserve local DNS routing.

Agent Management

How long after I install an Agent should I expect to see it in the dashboard?

The HYAS Protect Agent checks in every 5 minutes. If the machine is running and no local errors are present, you should see the device in the portal within 5 minutes.

How Do I Enable Debug Mode?

In all cases where it is suspected that the HYAS agent may be encountering an issue or may be the cause of connectivity issues it is highly recommended to enable debug logging for the HPA to capture verbose telemetry to expedite troubleshooting.

How do I view the HYAS Protect Agent's local logs?

In the Finder, show hidden folders by pressing Command + Shift + . (period)

Then, navigate to:

  • macintosh HD/private/var/log/com.hyas.protect

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close