Posted on 01-29-2020 07:16 AM
Can anyone guide me to block this page alone, i am able to block cisco system extension, even though still the page pop up comes..
Posted on 01-29-2020 12:59 PM
You cannot block the page. You need to deploy a configuration profile with an "Approved Kernel Extensions" payload for Cisco AnyConnect. The Team ID for Cisco AnyConnect is DE8Y96K9QP
Posted on 01-30-2020 12:38 AM
Hello , Thanks..
I have tried this and seems extension are blocking ..
But when we rollout to large form many user's will get this alert. Can we do something from the source file itself ?
Posted on 01-30-2020 05:53 AM
That profile will only work on machines where the machine is in a User Approved MDM state. There is nothing that can be done on the AnyConnect side. This is a macOS setting.
Posted on 06-04-2020 09:15 AM
I have updated the tag from Jamf Nation to Configuration Profiles to better reflect the discussion.
Posted on 11-24-2020 01:05 PM
Very odd, I have both a KEXT and SYSEXT Profile set for this vendor and team ID, and the System im testing on is User approved MDM, however the prompt still showed regardless and did not allow it automatically even tho the config profile is present
Posted on 12-01-2020 10:04 AM
Same I have added the profile and am still getting the prompt pop up and even if I select the system preferences button, there is nothing to allow. Anyone have a way around this at the moment.
Posted on 12-02-2020 10:10 AM
@JarvisUno Hello. Is this because you are pushing out a Kernel Extension for a app which needs a System Extension? Big Sur uses System Extensions now. Cisco has a website about enabling System Extensions for AnyConnect
I am in the process of converting all my Kernel Extensions over to System Extensions for apps like Team Viewer, FireEye, AnyConnect to name a few.
Posted on 12-08-2020 07:47 AM
Hi there - does anyone have a completed working Cisco AnyConnect system extension Configuration Profile created for macOS Big Sur? I'm sure this can be done with 1 config profile to apply to a computer.
I'm trying to create one using the AnyConnect_macOS_BigSur_Advisory.pdf that they provide but i'm not sure i'm setting it up correctly.
For macOS prior to Big Sur i have the approved kernel extension with team id that has worked with no issues 10.14/10.15, now with System Extensions for Big Sur i'm prepping for Cisco AnyConnect 4.9.04xxx
I'v included some images of my preliminary System Extenstion settings along with the Cisco information that is in the pdf.
I added the Web Content filter section to the Config Profiiles system configuration settings but I am not sure where to put that data the the Cisco pdf displays.
Posted on 12-15-2020 08:33 AM
@tcandela Did you manage to enter the data for the web content filter. If you have managed to add it in can you post a picture of how you added the data into which fields.
Posted on 12-15-2020 11:37 AM
Posted on 04-12-2021 08:24 AM
I am getting the system extension is blocked on 10.14.6 for Cisco. It has Anyconnect installed 4.9.04053 and i have a config profile with system extension configured.
anyone else getting this?
Posted on 04-12-2021 08:47 AM
@tcandela , system extension configuration is for macOS Big Sur.. You would need to configure a Kernel Extension payload for previous OS's
Posted on 04-12-2021 08:51 AM
@JustDeWon yes, that's what i thought but why is the popup message about 'system extension' and not 'kernel extension'?
shouldn't the pop up message say 'kernel extension'? if it's running 10.14.6?
Posted on 04-12-2021 10:18 AM
@tcandela , that is just a default wording by Cisco.. It's always been the same "message" since High Sierra as far as I can remember..
Posted on 04-12-2021 02:15 PM
Because technically they are both system extensions per Apple
Posted on 04-20-2021 05:08 AM
I had the Cisco Anyconnect Kernel extension installed on Mojave and it worked fine and then I did an in place upgrade to Big Sur and once the new macOS version was picked up by RECON a system extension configuration profile for Cisco Anyconnect was applied, but it now has that ATTENTION REQUIRED popup (just like this posts topic) telling me the AnyConnect system extension blocked.
So even though the System Extension is now applied to Big Sur it doesn't matter since Cisco Anyconnect was installed before the system extension was applied??????
is this how it works??? system extensions have to be configured before the application gets installed??
if done the other way around you will be prompted to 'allow'??
Posted on 04-21-2021 10:44 AM
The configuration profile MUST be installed BEFORE the system extension is installed. A config profile cannot retro approve a SysExt as it could a kext. This is Apple's design. If done the other way around you will be prompted to approve, yes. If the config profile is in place and AnyConnect was already there you can also uninstall and reinstall. Highly suggest the profile is scoped to ALL machines that are UAMDM/Supervised no matter the OS version so it is in place before an upgrade causes issues such as this.