-
-
Save phoob/671e65332c86682d5674 to your computer and use it in GitHub Desktop.
| #!/bin/bash | |
| # | |
| # The reason of creating this script is that Endpoint Security VPN installs it's own application firewall kext cpfw.kext | |
| # which prevents for example PPTP connections from this computer, which is not appropriate if you need subj connection just | |
| # from time to time | |
| # | |
| # Usage: ./checkpoint.sh | |
| # | |
| # The script checks if Enpoint Security VPN is running. If it is, then it shuts it down, if it is not, it fires it up. | |
| # Or, make an Automator action and paste the script. | |
| # You will need sudo power, of course | |
| # | |
| # To prevent Endpoint Security VPN from starting automatically whenever you restart your Mac, edit this file: | |
| # `/Library/LaunchAgents/com.checkpoint.eps.gui.plist` | |
| # And change the values of `RunAtLoad` and `KeepAlive` to `false` | |
| # [Source](https://superuser.com/questions/885273) | |
| SERVICE='Endpoint_Security_VPN' | |
| if pgrep $SERVICE > /dev/null | |
| then | |
| # $SERVICE is running. Shut it down | |
| sudo launchctl unload /Library/LaunchDaemons/com.checkpoint.epc.service.plist | |
| sudo kextunload /Library/Extensions/cpfw.kext | |
| killall $SERVICE | |
| else | |
| # $SERVICE is not running. Fire it up | |
| sudo launchctl load /Library/LaunchDaemons/com.checkpoint.epc.service.plist | |
| sudo kextload /Library/Extensions/cpfw.kext | |
| open '/Applications/Endpoint Security VPN.app' | |
| fi |
This should be:
/Applications/Endpoint\ Security\ VPN.app/Contents/MacOS/Endpoint_Security_VPN > /dev/null 2>&1 &
otherwise you create a lot of files named '1' wherever you call this script
I get an error 0:178: execution error: /System/Library/Extensions/cpfw.kext failed to load - (libkern/kext) not found; check the system/kernel logs for errors or try kextutil(8). (71)
@wazum and @ubaierbhat – I updated the script to use open '/Applications/Endpoint Security VPN.app' instead :)
Editing /Library/LaunchAgents/com.checkpoint.eps.gui.plist (setting RunAtLoad to false) does not prevent the VPN client from launching automatically anymore (since updating to VPN E80.71). Does anybody know how to prevent the automatic startup now?
Thanks for your help!
confirm what @rcsapo said.
Setting "RunAtLoad" to false does not prevent the VPN client from starting.
Just tip: You can use:
pgrep $SERVICE
instead of
ps ax | grep -v grep | grep $SERVICE
Hi ferben,
I know this is not directly pertinent to your script but would you know how to prevent Checkpoint from starting automatically? As mentioned above, setting "RunAtLoad" to in the above mentioned .plist-file did not do the trick for me. I'm on OS 10.15.3 and the version of Checkpoint is E82.00. Any help would be highly appreciated.
Best,
Robert
Please tell me how I can disable the autostart too :-)
Try to set "RunAtLoad" and "KeepAlive" to false ⇒ both this options must be false.
Try to set "RunAtLoad" and "KeepAlive" to false ⇒ both this options must be false.
Thanks a huge lot, ferben! This worked!
I've updated the gist based on the comments by @ferben
Try to set "RunAtLoad" and "KeepAlive" to false ⇒ both this options must be false.
I tried that and it did prevent checkpoint from starting on boot but I was unable to start and use it on demand so I had to reverse changing KeepAlive back to true to get it to work when I need to use it.
I wrote a small AppleScript that does nearly the same as the script above but in a better way for me. I will edit my post later and link to it on github for everyone to use it if needed.
Try to set "RunAtLoad" and "KeepAlive" to false ⇒ both this options must be false.
I tried that and it did prevent checkpoint from starting on boot but I was unable to start and use it on demand so I had to reverse changing KeepAlive back to true to get it to work when I need to use it.
I wrote a small AppleScript that does nearly the same as the script above but in a better way for me. I will edit my post later and link to it on github for everyone to use it if needed.
I cannot confirm that. Endpoint Security E82.00 starts alright on my system (OS 10.15.3) when needed. Autostart, however, is successfully prevented by the changes made to the .plist-file as suggested by @ferben.
Hi,
I hope that in near future Checkpoint will remove or update the Kernel extension (in Catalina Apple prevents that in the next version of macOS it will not work, I haven't tested it yet on macOS Bug Sur).
Also I have the problem with bonjour when the cpfw.kext is loaded (I cannot access my NAS using this protocol) => for time being I remove the extension, bonjour works again and the VPN client too. Therefore I do kont know why CheckPoint loads this extension that is not used in fact...
You save me more days. Thank you