Posted on 11-19-2020 07:46 AM
First a warm "hello" to the community :-)
I hope you're well and stable in this unstable times.
Now my theme, bounded to my hope, that someone can help me to find a solution:
We are using Cisco Anyconnect and our install procedure for macOS Catalina (and Mojave) was working very well. We had created a configuration profile with the needed kernel exceptions and with this configuration profile we installed Cisco Anyconnect "silent".
Big Sur has modifyed security options and these changes are the reason, that the former well working procedure is no more working.
Now the User has to accept some security questions (like "is Cisco Anyconnect allowed to filter the network traffic") and has to enable them in the system settings.
Has anyone found a way to install Cisco Anyconnect without this conditions ?
Thank you very much for answering and
Posted on 05-31-2021 11:38 PM
Posted on 06-01-2021 12:10 AM
That can´t be a solution for the Cisco Support, or am I mistaken? I have a different view of support quality...
Posted on 06-01-2021 01:25 AM
Seems disabling Umbrella also do the trick - even it is not a very good workarround. But simply also cannot understand how Cisco are not up-to-date with their software. They have several month to test new versions comming for Mac and it seems they first test their software after the releases have been made. And now they just point to Apple and say they should fix it in a new version
Posted on 06-01-2021 02:00 AM
We have the same problems and umbrella is not in use... but apparently this is the trend of developers nowadays. Example: Big Sur was released in the fall of 2020, only in March 2021 was a final compatible version of Sophos Endpoint rolled out, until then Sophos was not running under Big Sur. Sad story if you think about how long the Big Sur beta versions were already available.
Posted on 06-01-2021 04:08 AM
Yes Umbrella removal is also not a workarround. DId some testing where it worked without umbrella - but it is just random as it sometimes can work temporary if you like re-install or restart the client, but later it then fails again.
So really difficult to find an error that is happening random.
Posted on 06-01-2021 05:27 AM
11.5 Beta Big sur also does not solve anything. It worked some hours, but now again I cannot connect to server names
Posted on 06-01-2021 11:27 PM
Our company is changing from Cisco to Forti, not only because of these errors...
Posted on 09-24-2021 09:28 AM
Ditto here as well. I'm sad the org (merger of 5 companies from last year) that I'm part of is going away from Global Protect.
Posted on 06-02-2021 03:16 AM
@jameson am experiencing same, after Jamf Pro pushes config profile. We can no longer ping out AD FQ'd domain name. Have submitted a support request to Cisco, have spent much time on this as many other Jamfers out there.
Posted on 06-08-2021 05:28 AM
I've got AnyConnect running on Big Sur thanks to the tips here, but am having issues reinstalling the app if it's been removed. Has anyone had success reinstalling?
In testing I had a user uninstall AnyConnect and DART using the uninstallers in the Applications folder. We performed the testing needed and then pushed the app back out. Now we are getting the errors in the attached screenshots. There are no system extensions to install, and we did not remove the config profile during the uninstall process, it's all still in place from the initial install. The system extension warning pops-up every 10 seconds or so making the Mac unusable. I can repeat this on other Macs as well.
Posted on 06-14-2021 07:18 AM
@rlindenmuth Hi,, did you restart after installing and removing the Anyconnect client? As far as I know, a reboot is required for Anyconnect to work.
Maybe this link will help you for removing the client: http://kb.mit.edu/confluence/display/mitcontrib/Cisco+Anyconnect+Manual+uninstall+Mac+OS
Posted on 06-28-2021 07:15 AM
We've rebooted and have tried both manual uninstall and uninstall via the app, both with no avail.
Posted on 10-26-2021 02:24 PM
Anyone having issue with AnyConnect denying the system from pulling softwareupdate list?
Below are the error message I saw in the console
System Policy: com.cisco.anycon(306) deny(1) system-privilege 10006
Violation: deny(1) system-privilege 10006
Process: com.cisco.anycon 
Load Address: 0x10eddd000
Version: 4.10.03104 (4.10.03104)
Code Type: x86_64 (Native)
Posted on 03-07-2022 07:14 AM
Don't know if people are still struggling to create a custom Anyconnect PKG but I found this from someone awhile ago and saved it to a text file and keep it a folder on our share . Don't remember the source. Obviously you can use any temp directory I just do it from my Downloads folder.
Use directory: cd /Library/Application\ Support/tmp
03-08-2022 12:43 AM - edited 03-08-2022 04:56 AM
We don't need to pack a custom package. We can download our Anyconnect package by entering the URL of our VPN in a web browser. After login the site, Anyconnect is provided for the operating system of the connected client (Mac or Windows). The package contains only the needed part of anyconnect (the VPN client, without the other peaces).
We face problems with the detection of the update server, too. After disconnecting the "Cisco AnyConnect Socket Filter" the update server is reachable and the macOS updates can be run.
Posted on 03-08-2022 05:20 AM
That sounds more like a Cisco problem than a Mac problem.