Cisco AnyConnect 4.9 popup during uninstall

tcandela
Valued Contributor II

I am getting this popup from macOS Monterey when running the AnyConnect uninstall.sh. I have a configuration profile configured with the settings displayed in the pictures below. Is the config profile missing something? I don't get any popups when the config profile is installed and when the user installs Cisco AnyConnect.

One is from macOS Monterey on Intel and the other is from macOS Monterey on M1


AJPinto
Honored Contributor II

The AnyConnect uninstaller is trying to remove the Cisco AnyConnect Socket Filter.app, which is a system extension component. The way Apple has things currently, removing a System Extension requires user authentication. Per the man page, Apple claims requiring user intervention is temporary, but we are on 4 years of temporary now. The only way to bypass the user prompts is with SIP disabled. Welcome to managing Macs in 2022 :(.

tcandela
Valued Contributor II

@AJPinto I understand now, thanks. So is this just a macOS Monterey thing?

Even after testing a system extension type of 'removable' it still didn't work.

AJPinto
Honored Contributor II

It's an Apple thing. To remove a system extension it requires user interaction, which I think is incredibly stupid. It's a Catalina+ thing, at least until Apple finally finishes the System Extension function.

Supposedly we will eventually be able to remove System Extensions with CLI, but right now that requires SIP to be disabled. The terminal notification has said since Catalina the SIP disabled part is temporary. Product Feedback - Apple is the only thing Apple listens to, so go ham and make feedback requests for every little thing that annoys you about anything to do with macOS.

tcandela
Valued Contributor II

@AJPinto I made a change to my config profile and it looks to be able to remove the AnyConnect system extension when uninstalling without prompting the user to uninstall the system extension, but then if you want to re-install AnyConnect you have to re-install the system extension (even though the system extension config profile is still listed in the PROFILES section).

So if I had a policy to uninstall Cisco AnyConnect 4.9, it will uninstall using the AnyConnect uninstall.sh and now not prompt the user to accept the system extension uninstall popup. But then if I want to re-install AnyConnect (say to install a newer version), it then does the popup to install the system extension.