3
1
To connect to a customers network, I had to install Check point VPN-1 secure client
.
Version information:
VPN-1 SecureClient NGX R60 HFA2 (Build001)
The tool block all incoming traffic to my computer. (Which is fine by me as long as I'm connected to the remote site but even if the VPN connection is inactive, my computer cannot be connected to (e.g. for a VNC session of a co-worker within our corporate net).
I have already tried:
- Disable windows firewall (also the service completely)
- disable/stop the Check Point VPN-1 Securemote service + its watchdog service
- (the stuff Paul proposed in his answer, see in the comments there)
I cannot use [Check Point Tray Icon] -> [Tools] -> [Disable Security policy] as that is grayed out.
How can I FULLY disable this thing?
I have full admin access on my machine (how else could I disable my firewall (service!) and the CP Windows service.
This is a Win XP sp3 machine.
To reiterate: I do not mind the tool blocking what it wants while it is active but it also fully blocks inbound connections while it is not active -- even while its Windos Service isn't even running! (Note that the Check Point diagnostic utility does show in its log the dropped inbound packets.)
Another clarification: The tool does not block outgoing traffic, that is I can browse the net, check mails, etc. even while it is active just fine. However it does block all inbound connections (essentially like Windows firewall would do by default, dropping all inbound packets).
I can only assume I've either missed another service of this or it has installed a device driver or root kit of some sorts to enforce its so called security policy while it is not even in use.
There's probably a device driver associated with the filter, if you can identify the appropriate driver the sc command line tool may allow you to stop it. Of course not all device drivers can be stopped without rebooting the system. – Harry Johnston – 2011-10-05T21:53:14.390
1One possible workaround: remove the VPN client and then install it in a virtual machine. The main catch is that depending on how your copy of Windows is licensed you might need to buy an additional license for the VM. :-( – Harry Johnston – 2011-10-05T21:54:58.163
Isn't there a second service called "Check Point Watchdog" or something similar? Did you try disabling that one, too? – mich732 – 2011-10-06T06:19:24.797
@mich732 - yes I also disabled that one. didn't mention it. I'll edit. – Martin – 2011-10-06T06:41:51.443
With your update my answer makes no sense at all, so I deleted it:-) – Rory Alsop – 2011-10-06T08:47:57.857