AnyConnect Socket Filter on Big Sur

AJPinto
Contributor III

I have seen several discussions on this topic, but so far, following them, I have not been able to get rid of the Cisco AnyConnect Socket Filter PPPC popup. I have a few configuration profiles for AnyConnect following other people and Cisco's generic documentation, and it looks like they have installed correctly. However, the popup persists. Anyone got any ideas?

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect49/upgrade/AnyConnect_macOS_BigSur_Advisory.html#_Toc52277857


10 REPLIES

Tribruin
Contributor III

It looks like you have a typo in the Socket Filter Bundle Identifier. It should be com.cisco.anyconnect.macos.acsock. Try changing that and see if it makes any difference.

AJPinto
Contributor III

@RBlount I fixed that but it still won't move past "activated waiting for user". I copy-pasted the Socket Filter Designated Requirement so that should be right.


u0019722
New Contributor

This is related, but not exactly the same thing. Are you aware if there is a way to either delete the socket filter on install, or use Jamf to remove it completely? We are running into an issue where the AnyConnect socket filter is causing issues when it is installed on systems with SEP installed. The socket filter on AnyConnect doesn't like having the SEP socket filter installed too. We have to have the SEP one per organization ISO, and manually removing the AnyConnect one on each Mac is proving troublesome.

roiegat
Contributor II

The only difference I can see is that in our identifier it's: com.cisco.anyconnect.macos.acsock
Attaching our info.

Mark_Lamont
New Contributor II

There is a difference: Filter Order is set.

agrant
New Contributor II

Is the System Extension in a different config profile? Probably need both to get it approved without user interaction.
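
Added example, not part of any poster's reply: a small Python check for the two points raised above, that the content filter payload uses the identifier com.cisco.anyconnect.macos.acsock and that a system extension payload is deployed alongside it. It assumes unsigned .mobileconfig files; the payload type strings and the PluginBundleID and FilterSockets keys are Apple's profile keys, and the sample profiles are constructed.

```python
import plistlib

# Payload types and keys are Apple's configuration profile keys; the expected
# bundle identifier is the one quoted in the thread.
EXPECTED_PLUGIN_ID = "com.cisco.anyconnect.macos.acsock"
SYSEXT_TYPE = "com.apple.system-extension-policy"
FILTER_TYPE = "com.apple.webcontent-filter"


def audit_profiles(profiles):
    """Return findings for a set of unsigned .mobileconfig byte strings."""
    payloads = []
    for raw in profiles:
        payloads.extend(plistlib.loads(raw).get("PayloadContent", []))

    findings = []
    if not any(p.get("PayloadType") == SYSEXT_TYPE for p in payloads):
        findings.append("no system extension policy payload")
    filters = [p for p in payloads if p.get("PayloadType") == FILTER_TYPE]
    if not filters:
        findings.append("no content filter payload")
    for f in filters:
        plugin = f.get("PluginBundleID", "")
        if plugin != EXPECTED_PLUGIN_ID:
            findings.append(f"PluginBundleID is {plugin!r}, expected {EXPECTED_PLUGIN_ID!r}")
        if not f.get("FilterSockets", False):
            findings.append("FilterSockets is not enabled")
    return findings


def build_profile(payloads):
    """Constructed sample: serialise payloads into an unsigned profile."""
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": payloads})


# Constructed sample payloads, not taken from the thread's attachments.
SYSEXT = {"PayloadType": SYSEXT_TYPE}
GOOD_FILTER = {"PayloadType": FILTER_TYPE, "FilterType": "Plugin",
               "PluginBundleID": EXPECTED_PLUGIN_ID, "FilterSockets": True}
# Constructed typo for illustration; the thread does not show the actual one.
TYPO_FILTER = dict(GOOD_FILTER, PluginBundleID="com.cisco.anyconect.macos.acsock")

if __name__ == "__main__":
    # Payloads split across two profiles still count as "both deployed".
    print(audit_profiles([build_profile([SYSEXT]), build_profile([GOOD_FILTER])]))
    print(audit_profiles([build_profile([TYPO_FILTER])]))
```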

jwojda
Valued Contributor II

We're experiencing similar issues. I went through and changed per the suggestions above, but it still doesn't seem to want to enable it automatically (still prompting the user).

I also went through this KB article, and at the bottom is the text for their premade mobileconfig, which I put into Jamf, and it's still prompting.

JAMAUAI
New Contributor II

Deleting these worked for me. AnyConnect still works fine.

/Library/LaunchAgents/com.cisco.anyconnect.vpnagent.plist
/Library/LaunchDaemons/com.cisco.anyconnect.gui.plist
/Library/LaunchAgents/com.cisco.anyconnect.notification.plist

You might be able to get away with deleting just the last one, though.

EDIT: Confirmed that this is the only one you need to delete:

/Library/LaunchAgents/com.cisco.anyconnect.notification.plist

Source: https://apple.stackexchange.com/questions/202296/stop-cisco-anyconnect-secure-mobility-client-from-s...

This was added to the install script to prevent RunAtLoad (startup):

rm -f /Library/LaunchAgents/com.cisco.anyconnect.gui.plist
echo "Prevent RunAtLoad"

markdmatthews
New Contributor III

Anyone having any luck with a silent uninstall?

"/opt/cisco/anyconnect/bin/anyconnect_uninstall.sh"
"/opt/cisco/anyconnect/bin/dart_uninstall.sh"

Is throwing a user-prompt to remove content filter.