After reading the post on http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/039634.html about disabling secure configuartion verification in Checkpoint's SecureClient I thought I'd post my own findings.
My method of bypassing the check also requires Administrator privileges but does not require anything running in the background.
Here are the steps I took to bypass the check.
1. Download the free OPSEC Desktop SDK from www.opsec.com
2. Prepare an scv dll using the sample scv plugin in the sdk, have the plugin always return SCV_CHECK_PASSED in Status() function.
3. Make a copy of that dll for each dll that is being used by the policy, each time changing the #define PiName for the name of the check you want to bypass (For example AntivirusMonitior, RegMonitor). Copy the new dll's (dll name could be different) to Program Files\Checkpoint\SecureRemote\scv
4. Stop secureclient.
5. Use the tool provided in the sdk PiReg.exe to unregsiter (-d flag) the monitor dll's in Program Files\Checkpoint\SecureRemote\scv
6. Use the same tool to register all of the dll's with the same PiName.
7. Start secureclient.
"Configuration Verified"
---------------------
Avner Peled.
[EMAIL PROTECTED]
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
