FireWall-1 FAQ: Disabling Secure Client on Boot
Please note: This content was from when I was operating my FireWall-1 FAQ site, which I stopped operating in August 2005. For some reason people still have links to this stuff on the Internet that people are still clicking on.
I am making this information available again AS IS. Given how old this information is, it is likely wildly inaccurate. I have no plans to update this information.
If you're still running versions of Check Point VPN-1/FireWall-1 where this information is still relevant to you, do yourself a favor and upgrade to a more recent release. If you happen to be running a current release and the information is useful, it's by happenstance :)
On Windows NT/2000/XP, disable the Check Point SecuRemote Service and the Check Point SecuRemote Watchdog services. You will need to manually start one of these services, which you can do from services or with the command: net start sr_service (Note these are with the NG version of SecuRemote, the service names may vary in earlier versions)
On Windows 9x, you can remove HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\fwenc.exe from the registry and reboot. You can also disable this by using the "msconfig" program present in Windows 98 or Win98SE. You can then use the link installed in the start menu to run SecuRemote when you need to.
Note that if you are using Secure Client with a Desktop Security Policy, even if you stop the service it does not disable policy downloaded from your policy server. The only way to disable this is to uncheck the Check Point items in your network or dialup adapters.