Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
[Full-disclosure] Another Checkpoint SecureClient NGX SCV Bypass
From: Avner Peled (avnerusgmail.com)
Date: Thu Dec 15 2005 - 02:35:34 CST
After reading the post on
disabling secure configuartion verification in Checkpoint's
SecureClient I thought I'd post my own findings.
My method of bypassing the check also requires Administrator privileges but
does not require anything running in the background.
Here are the steps I took to bypass the check.
1. Download the free OPSEC Desktop SDK from www.opsec.com
2. Prepare an scv dll using the sample scv plugin in the sdk, have the
plugin always return SCV_CHECK_PASSED in Status() function.
3. Make a copy of that dll for each dll that is being used by the policy,
each time changing the #define PiName for the name of the check you want to
bypass (For example AntivirusMonitior, RegMonitor). Copy the new dll's (dll
name could be different) to Program Files\Checkpoint\SecureRemote\scv
4. Stop secureclient.
5. Use the tool provided in the sdk PiReg.exe to unregsiter (-d flag) the
monitor dll's in Program Files\Checkpoint\SecureRemote\scv
6. Use the same tool to register all of the dll's with the same PiName.
7. Start secureclient.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/