04-11-2022 01:57 AM - edited 04-11-2022 02:08 AM
Is there a way to deny/block the below system extension for the Cisco AnyConnect client?
I want this extension to be auto denied/blocked.
Configuration profile payload only has options to allow system extensions or approved kernel extension.
My need is to block it or deny it.
I need the AnyConnect app to install silently without this prompt, but do not want to allow the extension.
Posted on 04-12-2022 02:27 AM
If you want the application to be blocked from installation then add it to the 'Restricted Software' list. Given you are wanting to block the system extensions, which will stop it from working, it won't run anyway (in some cases it may).
Posted on 04-12-2022 03:34 AM
Thanks for the reply.
We do not want the application to be restricted, just the system extension of that app to be blocked.
Any solution regarding this is most welcome.
Posted on 04-12-2022 05:51 AM
I don't understand this. If an application requires a System Extension to work, then blocking it will prevent the application from working (worst case) or limit the functionality of the application (best case). Yet you say you don't want to block the application. These 2 things aren't lining up. Either you want to allow it or not. It seems you're trying to have it both ways which doesn't seem like it would end up well to me.
Posted on 04-12-2022 06:15 AM
I think the point of the System Extension is that's what it needs to run.
Posted on 05-25-2022 03:02 PM
Try this
Save as .mobileconfig and upload
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>NotificationSettings</key>
<array>
<dict>
<key>AlertType</key>
<integer>1</integer>
<key>BadgesEnabled</key>
<true/>
<key>BundleIdentifier</key>
<string>com.cisco.anyconnect.notification</string>
<key>CriticalAlertEnabled</key>
<true/>
<key>NotificationsEnabled</key>
<true/>
<key>ShowInLockScreen</key>
<false/>
<key>ShowInNotificationCenter</key>
<true/>
<key>SoundsEnabled</key>
<true/>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>Notifications Payload</string>
<key>PayloadIdentifier</key>
<string>com.apple.notificationsettings.E909DDCC-3AE1-4363-BBBC-3A8F32178DA0</string>
<key>PayloadOrganization</key>
<string>JAMF Software</string>
<key>PayloadType</key>
<string>com.apple.notificationsettings</string>
<key>PayloadUUID</key>
<string>E909DDCC-3AE1-4363-BBBC-3A8F32178DA0</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
<dict>
<key>FilterDataProviderBundleIdentifier</key>
<string>com.cisco.anyconnect.macos.acsockext</string>
<key>FilterDataProviderDesignatedRequirement</key>
<string>anchor apple generic and identifier "com.cisco.anyconnect.macos.acsockext" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = DE8Y96K9QP)</string>
<key>FilterPackets</key>
<false/>
<key>FilterSockets</key>
<true/>
<key>FilterType</key>
<string>Plugin</string>
<key>PayloadDisplayName</key>
<string>Web Content Filter Payload</string>
<key>PayloadIdentifier</key>
<string>com.apple.webcontent-filter.576F7B34-7116-405B-B752-3986D84CE9FA</string>
<key>PayloadOrganization</key>
<string>JAMF Software</string>
<key>PayloadType</key>
<string>com.apple.webcontent-filter</string>
<key>PayloadUUID</key>
<string>576F7B34-7116-405B-B752-3986D84CE9FA</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PluginBundleID</key>
<string>com.cisco.anyconnect.macos.acsock</string>
<key>UserDefinedName</key>
<string>Cisco AnyConnect Content Filter</string>
<key>VendorConfig</key>
<dict/>
</dict>
<dict>
<key>AllowUserOverrides</key>
<true/>
<key>AllowedSystemExtensionTypes</key>
<dict>
<key>DE8Y96K9QP</key>
<array>
<string>NetworkExtension</string>
</array>
</dict>
<key>AllowedSystemExtensions</key>
<dict>
<key>DE8Y96K9QP</key>
<array>
<string>com.cisco.anyconnect.macos.acsockext</string>
</array>
</dict>
<key>PayloadDescription</key>
<string></string>
<key>PayloadDisplayName</key>
<string>System Extensions</string>
<key>PayloadEnabled</key>
<true/>
<key>PayloadIdentifier</key>
<string>com.apple.system-extension-policy.DA8EB2BF-4B5F-47B4-AD9B-BC1EC8A1A07E</string>
<key>PayloadOrganization</key>
<string>New York University Abu Dhabi</string>
<key>PayloadType</key>
<string>com.apple.system-extension-policy</string>
<key>PayloadUUID</key>
<string>DA8EB2BF-4B5F-47B4-AD9B-BC1EC8A1A07E</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDescription</key>
<string></string>
<key>PayloadDisplayName</key>
<string>AnyConnect Unified Configuration Profile - ARM64/AMD64</string>
<key>PayloadEnabled</key>
<true/>
<key>PayloadIdentifier</key>
<string>com.tano.profile</string>
<key>PayloadRemovalDisallowed</key>
<true/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>175D2627-860F-41A6-B385-038DF2BCA063</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
Posted on 05-25-2022 03:29 PM
Add these entries manually if the settings are not picked up after upload.
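
Added example, not part of the thread and not Jamf or Cisco code: a small audit that reads a .mobileconfig like the one posted above and reports which system extensions it allow-lists, whether AllowUserOverrides is set, and whether each content-filter provider is covered by that allow list. The function name `audit_profile`, the team ID `TEAMID0000` and the bundle ID `com.example.vpn.sockext` are constructed for illustration.

```python
import plistlib
import re

# Constructed sample: a cut-down profile using the same payload types and keys
# as the profile in the thread, with a placeholder team ID and bundle ID.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>PayloadContent</key><array>
 <dict>
  <key>PayloadType</key><string>com.apple.webcontent-filter</string>
  <key>FilterDataProviderBundleIdentifier</key><string>com.example.vpn.sockext</string>
  <key>FilterDataProviderDesignatedRequirement</key>
  <string>anchor apple generic and identifier "com.example.vpn.sockext" and certificate leaf[subject.OU] = TEAMID0000</string>
 </dict>
 <dict>
  <key>PayloadType</key><string>com.apple.system-extension-policy</string>
  <key>AllowUserOverrides</key><true/>
  <key>AllowedSystemExtensions</key><dict>
   <key>TEAMID0000</key><array><string>com.example.vpn.sockext</string></array>
  </dict>
 </dict>
</array>
<key>PayloadType</key><string>Configuration</string>
</dict></plist>"""

def audit_profile(data: bytes) -> dict:
    """Summarise what a .mobileconfig grants for system extensions."""
    profile = plistlib.loads(data)
    report = {"allowed": set(), "user_overrides": False,
              "filter_providers": set(), "unlisted_filter_providers": set()}
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType")
        if ptype == "com.apple.system-extension-policy":
            report["user_overrides"] |= bool(payload.get("AllowUserOverrides", False))
            for team, bundles in payload.get("AllowedSystemExtensions", {}).items():
                report["allowed"].update((team, b) for b in bundles)
        elif ptype == "com.apple.webcontent-filter":
            bundle = payload.get("FilterDataProviderBundleIdentifier")
            req = payload.get("FilterDataProviderDesignatedRequirement", "")
            m = re.search(r"subject\.OU\]\s*=\s*\"?(\w+)", req)
            report["filter_providers"].add((m.group(1) if m else None, bundle))
    # Filter providers whose (team ID, bundle ID) pair is not in this profile's allow list.
    report["unlisted_filter_providers"] = report["filter_providers"] - report["allowed"]
    return report

if __name__ == "__main__":
    for key, value in audit_profile(SAMPLE).items():
        print(f"{key}: {value}")
```

Pass the bytes of a real profile (for example `open(path, "rb").read()`) to review what it permits before uploading it to the MDM.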