 | ||
 Stopping/shutting down Integrity agent to overcome SCV check failures | ||
| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
|
| |||||||
 |
| | LinkBack | Thread Tools | Display Modes |
 2007-04-26 | |||
| |||
 Stopping/shutting down Integrity agent to overcome SCV check failures Hi, I wanted to find a way to stop users with local administrator priv on their m/c from stopping/shutting down the Integrity client/agent before using the secure client to connect using vpn. They are doing this so that even if their m/cs fail compliance their vpn connection is not blocked as integrity agent is not running. So they are able to access the internal resources... In essence they are circumventing the whole idea by shutting down integrity agent and just using secure client. As long as integrity client and secure client are running and compliance check fails , their connections are blocked by integrity agent on non-compliance ... Are there any work arounds pls Thnx -Arif  |
| 2007-04-27 | |||
| |||
| Re: Stopping/shutting down Integrity agent to overcome SCV check failures Are you using integrity flex or agent? flex gives user all rights. if agent try this- policy > client settings tab > untick 'permit user to shut down client' |
| 2007-04-27 | |||
| |||
| Re: Stopping/shutting down Integrity agent to overcome SCV check failures Thanx for your reply. I have already un-checked that option which says "permit user to shut down client when enterprise policy is active" . This will not allow the user to shutdown integrity agent while you are connected to vpn . The problem is they are shutting integrity agent even before connecting to VPN via secure client. so when they start secure client for connection, integrity agent is already disabled/shut down. Is there a way to prevent this(may be i will create another policy which is in affect while user is disconnected from vpn and enable the above setting and see) . any ideas or workarounds would be appreciated. Thnx |
| 2007-05-11 | |||
| |||
| Re: Stopping/shutting down Integrity agent to overcome SCV check failures Are you using a disconnected policy and connected policy? In our disconnected policy we have these options selected 'Enforce this policy when client is disconnected.' and this unselected 'Permit user to shut down client when enterprise policy is active.' That means that our users can't shut the agent down - even the ones with full admin accounts. I have found a way to shut the client down that works around this, but it's not a straight forward approach. |
| 2007-05-16 | |||
| |||
| Re: Stopping/shutting down Integrity agent to overcome SCV check failures Can you share the work around ? Task Mgr denies access when you try to shutdown the iclient.exe when the disconnected policy is in place Thnx |
| 2007-05-21 | |||
| |||
| Re: Stopping/shutting down Integrity agent to overcome SCV check failures There's also an option to remove the icon from the systray. This makes it a little harder for unwitting users to shut it down. |
| 2007-06-05 | |||
| |||
| Re: Stopping/shutting down Integrity agent to overcome SCV check failures Quote:
boot into safemode, rename the checkpoint app folder to checkpoint1 and then reboot. This is the only way I have found to stop it loading on our client systems where we don't allow end users to shut the client down. Under older versions you could use msconfig, but not with v6/6.5 Obviously for this you'll need the local Admin account deatils for the system. |
|
| Thread Tools | |
| Display Modes | |
| |
Linear Mode
