Deny System extension

madhavigandhi1
New Contributor II

Is there a way to deny/block the below system extension for the Cisco AnyConnect client?
I want this extension to be auto-denied/blocked.

The configuration profile payload only has options to allow system extensions or approved kernel extensions.

My need is to block it or deny it.

I need the AnyConnect app to install silently without this prompt, but I do not want to allow the extension.

[Screenshot of the system extension prompt, not reproduced]


geoff_widdowson
Contributor II

If you want the application to be blocked from installation, then add it to the 'Restricted Software' list. Given you are wanting to block the system extension, which will stop it from working, it won't run anyway (in some cases it may).

Thanks for the reply.
We do not want the application to be restricted, just the system extension of that app to be blocked.

Any solution regarding this is most welcome.

mm2270
Legendary Contributor III

I don't understand this. If an application requires a System Extension to work, then blocking it will prevent the application from working (worst case) or limit the functionality of the application (best case). Yet you say you don't want to block the application. These 2 things aren't lining up. Either you want to allow it or not. It seems you're trying to have it both ways which doesn't seem like it would end up well to me.

AVmcclint
Honored Contributor

I think the point of the System Extension is that's what it needs to run.

xtian
New Contributor III

Try this:

Save as .mobileconfig and upload.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>NotificationSettings</key>
			<array>
				<dict>
					<key>AlertType</key>
					<integer>1</integer>
					<key>BadgesEnabled</key>
					<true/>
					<key>BundleIdentifier</key>
					<string>com.cisco.anyconnect.notification</string>
					<key>CriticalAlertEnabled</key>
					<true/>
					<key>NotificationsEnabled</key>
					<true/>
					<key>ShowInLockScreen</key>
					<false/>
					<key>ShowInNotificationCenter</key>
					<true/>
					<key>SoundsEnabled</key>
					<true/>
				</dict>
			</array>
			<key>PayloadDisplayName</key>
			<string>Notifications Payload</string>
			<key>PayloadIdentifier</key>
			<string>com.apple.notificationsettings.E909DDCC-3AE1-4363-BBBC-3A8F32178DA0</string>
			<key>PayloadOrganization</key>
			<string>JAMF Software</string>
			<key>PayloadType</key>
			<string>com.apple.notificationsettings</string>
			<key>PayloadUUID</key>
			<string>E909DDCC-3AE1-4363-BBBC-3A8F32178DA0</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
		</dict>
		<dict>
			<key>FilterDataProviderBundleIdentifier</key>
			<string>com.cisco.anyconnect.macos.acsockext</string>
			<key>FilterDataProviderDesignatedRequirement</key>
			<string>anchor apple generic and identifier "com.cisco.anyconnect.macos.acsockext" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = DE8Y96K9QP)</string>
			<key>FilterPackets</key>
			<false/>
			<key>FilterSockets</key>
			<true/>
			<key>FilterType</key>
			<string>Plugin</string>
			<key>PayloadDisplayName</key>
			<string>Web Content Filter Payload</string>
			<key>PayloadIdentifier</key>
			<string>com.apple.webcontent-filter.576F7B34-7116-405B-B752-3986D84CE9FA</string>
			<key>PayloadOrganization</key>
			<string>JAMF Software</string>
			<key>PayloadType</key>
			<string>com.apple.webcontent-filter</string>
			<key>PayloadUUID</key>
			<string>576F7B34-7116-405B-B752-3986D84CE9FA</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
			<key>PluginBundleID</key>
			<string>com.cisco.anyconnect.macos.acsock</string>
			<key>UserDefinedName</key>
			<string>Cisco AnyConnect Content Filter</string>
			<key>VendorConfig</key>
			<dict/>
		</dict>
		<dict>
			<key>AllowUserOverrides</key>
			<true/>
			<key>AllowedSystemExtensionTypes</key>
			<dict>
				<key>DE8Y96K9QP</key>
				<array>
					<string>NetworkExtension</string>
				</array>
			</dict>
			<key>AllowedSystemExtensions</key>
			<dict>
				<key>DE8Y96K9QP</key>
				<array>
					<string>com.cisco.anyconnect.macos.acsockext</string>
				</array>
			</dict>
			<key>PayloadDescription</key>
			<string></string>
			<key>PayloadDisplayName</key>
			<string>System Extensions</string>
			<key>PayloadEnabled</key>
			<true/>
			<key>PayloadIdentifier</key>
			<string>com.apple.system-extension-policy.DA8EB2BF-4B5F-47B4-AD9B-BC1EC8A1A07E</string>
			<key>PayloadOrganization</key>
			<string>New York University Abu Dhabi</string>
			<key>PayloadType</key>
			<string>com.apple.system-extension-policy</string>
			<key>PayloadUUID</key>
			<string>DA8EB2BF-4B5F-47B4-AD9B-BC1EC8A1A07E</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
		</dict>
	</array>
	<key>PayloadDescription</key>
	<string></string>
	<key>PayloadDisplayName</key>
	<string>AnyConnect Unified Configuration Profile - ARM64/AMD64</string>
	<key>PayloadEnabled</key>
	<true/>
	<key>PayloadIdentifier</key>
	<string>com.tano.profile</string>
	<key>PayloadRemovalDisallowed</key>
	<true/>
	<key>PayloadScope</key>
	<string>System</string>
	<key>PayloadType</key>
	<string>Configuration</string>
	<key>PayloadUUID</key>
	<string>175D2627-860F-41A6-B385-038DF2BCA063</string>
	<key>PayloadVersion</key>
	<integer>1</integer>
</dict>
</plist>
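Before deploying a profile like the one above, it is worth checking what its system-extension-policy payload actually does. Note that the posted payload lists the extension under AllowedSystemExtensions and sets AllowUserOverrides to true, so it pre-approves the AnyConnect extension rather than denying it. The following script is an added example, not part of the thread or of any Jamf or Cisco tooling: it parses a .mobileconfig with Python's standard plistlib and reports, per com.apple.system-extension-policy payload, which Team IDs, bundle IDs and extension types are approved without a prompt and whether users may override the policy. The embedded profile is a constructed, trimmed copy of the payload posted above (same Team ID and bundle identifier); pass a path on the command line to inspect a real file instead.

```python
"""Summarise what a com.apple.system-extension-policy payload permits.

Added example (not code from the thread). Reads a .mobileconfig with the
standard library only, so it runs offline on any platform.
"""
import plistlib
import sys
from typing import Dict, List

SYSEXT_POLICY = "com.apple.system-extension-policy"

# Constructed sample: a trimmed copy of the system-extension-policy payload
# posted in the thread (Team ID and bundle identifier taken from that post).
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>AllowUserOverrides</key><true/>
      <key>AllowedSystemExtensionTypes</key>
      <dict><key>DE8Y96K9QP</key><array><string>NetworkExtension</string></array></dict>
      <key>AllowedSystemExtensions</key>
      <dict><key>DE8Y96K9QP</key><array><string>com.cisco.anyconnect.macos.acsockext</string></array></dict>
      <key>PayloadType</key><string>com.apple.system-extension-policy</string>
      <key>PayloadUUID</key><string>DA8EB2BF-4B5F-47B4-AD9B-BC1EC8A1A07E</string>
    </dict>
  </array>
  <key>PayloadType</key><string>Configuration</string>
</dict>
</plist>
"""


def extension_policies(profile_bytes: bytes) -> List[Dict]:
    """Return every system-extension-policy payload in the profile, normalised."""
    profile = plistlib.loads(profile_bytes)
    policies = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != SYSEXT_POLICY:
            continue
        policies.append({
            "uuid": payload.get("PayloadUUID", "<no uuid>"),
            # When the key is absent the default is True: an admin user may
            # approve extensions that the profile does not list.
            "user_overrides": bool(payload.get("AllowUserOverrides", True)),
            # Whole Team IDs approved for any extension they sign.
            "allowed_team_ids": list(payload.get("AllowedTeamIdentifiers", [])),
            # Team ID -> specific extension bundle IDs.
            "allowed_extensions": {team: list(ids) for team, ids in
                                   payload.get("AllowedSystemExtensions", {}).items()},
            # Team ID -> extension types (e.g. NetworkExtension) approved wholesale.
            "allowed_types": {team: list(kinds) for team, kinds in
                              payload.get("AllowedSystemExtensionTypes", {}).items()},
        })
    return policies


def is_preapproved(policies: List[Dict], team_id: str, bundle_id: str, ext_type: str) -> bool:
    """True if some payload approves this extension without a user prompt."""
    for policy in policies:
        if team_id in policy["allowed_team_ids"]:
            return True
        if bundle_id in policy["allowed_extensions"].get(team_id, []):
            return True
        if ext_type in policy["allowed_types"].get(team_id, []):
            return True
    return False


def report(policies: List[Dict]) -> List[str]:
    """Human-readable summary lines, one block per policy payload."""
    lines = []
    if not policies:
        return ["no %s payload found" % SYSEXT_POLICY]
    for policy in policies:
        lines.append("policy %s" % policy["uuid"])
        lines.append("  user overrides allowed: %s" % policy["user_overrides"])
        for team in policy["allowed_team_ids"]:
            lines.append("  approves ALL extensions from team %s" % team)
        for team, kinds in policy["allowed_types"].items():
            lines.append("  approves all %s from team %s" % (", ".join(kinds), team))
        for team, ids in policy["allowed_extensions"].items():
            for bundle in ids:
                lines.append("  approves %s (team %s)" % (bundle, team))
    return lines


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PROFILE
    print("\n".join(report(extension_policies(data))))
```

Run it against the sample and it reports that the profile approves com.cisco.anyconnect.macos.acsockext and all NetworkExtension-type extensions from team DE8Y96K9QP, with user overrides left enabled. The payload type has no deny list, so an extension that must not load is kept off the allow lists and, if the prompt itself must not appear, paired with AllowUserOverrides set to false.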


xtian
New Contributor III

Add these entries manually if the settings are not picked up after upload.


[Three screenshots of the profile settings, not reproduced]