The reason of creating this script is that Endpoint Security VPN installs it's own application firewall kext cpfw.kext which prevents for example PPTP connections from this computer, which is not appropriate if you need subj connection just from time to time.

checkpoint.sh

#!/bin/bash
#
# The reason of creating this script is that Endpoint Security VPN installs it's own application firewall kext cpfw.kext
# which prevents for example PPTP connections from this computer, which is not appropriate if you need subj connection just
# from time to time
#
# Usage: ./checkpoint.sh
#
# The script checks if Enpoint Security VPN is running. If it is, then it shuts it down, if it is not, it fires it up.
# Or, make an Automator action and paste the script.
# You will need sudo power, of course
#
# To prevent Endpoint Security VPN from starting automatically whenever you restart your Mac, edit this file:
# `/Library/LaunchAgents/com.checkpoint.eps.gui.plist`
# And change the values of `RunAtLoad` and `KeepAlive` to `false`
# [Source](https://superuser.com/questions/885273)

SERVICE='Endpoint_Security_VPN'

if pgrep $SERVICE > /dev/null
then
    # $SERVICE is running. Shut it down
    sudo launchctl unload /Library/LaunchDaemons/com.checkpoint.epc.service.plist
    sudo kextunload /Library/Extensions/cpfw.kext
    killall $SERVICE
else
    # $SERVICE is not running. Fire it up
    sudo launchctl load /Library/LaunchDaemons/com.checkpoint.epc.service.plist
    sudo kextload /Library/Extensions/cpfw.kext
    open '/Applications/Endpoint Security VPN.app'
fi

Try to set "RunAtLoad" and "KeepAlive" to false ⇒ both this options must be false.

I tried that and it did prevent checkpoint from starting on boot but I was unable to start and use it on demand so I had to reverse changing KeepAlive back to true to get it to work when I need to use it.

I wrote a small AppleScript that does nearly the same as the script above but in a better way for me. I will edit my post later and link to it on github for everyone to use it if needed.

Try to set "RunAtLoad" and "KeepAlive" to false ⇒ both this options must be false.

I tried that and it did prevent checkpoint from starting on boot but I was unable to start and use it on demand so I had to reverse changing KeepAlive back to true to get it to work when I need to use it.

I wrote a small AppleScript that does nearly the same as the script above but in a better way for me. I will edit my post later and link to it on github for everyone to use it if needed.

I cannot confirm that. Endpoint Security E82.00 starts alright on my system (OS 10.15.3) when needed. Autostart, however, is successfully prevented by the changes made to the .plist-file as suggested by @ferben.

Hi,
I hope that in near future Checkpoint will remove or update the Kernel extension (in Catalina Apple prevents that in the next version of macOS it will not work, I haven't tested it yet on macOS Bug Sur).
Also I have the problem with bonjour when the cpfw.kext is loaded (I cannot access my NAS using this protocol) => for time being I remove the extension, bonjour works again and the VPN client too. Therefore I do kont know why CheckPoint loads this extension that is not used in fact...