macOS Monterey and Cisco AnyConnect System Extension Issue


We have Cisco AnyConnect 4.10.03104 working great on Mojave-Big Sur, with users not receiving any popups.  When upgrading from any OS to macOS Monterey, we receive the popup below, regarding a system extension being blocked.  Our configuration profile is scoped to all devices.  When reloading a Mac fresh from Monterey, users do not see the message below.  It only appears to be happening after an upgrade.  Just wondering if anyone has a solution. 




New Contributor III

Pushing a configuration profile allowing System Extensions will only be processed by the OS one time on install. For any OS below 10.15.4, as they do not know about the preference key, nothing is done. You would need to ensure that the profile is only pushed to systems that are 10.15.4+

Valued Contributor

Does AnyConnect require anything being added to PPPC section in Config Profile? 

Not applicable

There is nothing to set to PPPC. We only configure "System Extensions, Content Filter" and for the older Macs "Approved Kernel Extensions" in a configuration profile. We have different configuration profiles:
one for MacOS earlier than Monterey one for Intel Mac and one for M1 Mac.

New Contributor III

Hi Novellus, could you please share how do you create a profile for each macOS earlier than Monterey one for Intel Mac, and one for M1 Mac

Not applicable

@EddyLara sorry for my late reply.
1st, I create a smart computer group for each platform (M1 and INTEL)

Then I create a configuration profile for these two platforms and assign the profiles (in "Targets") to the corresponding smart groups, that's all.

The other way is, to exclude the unwanted smart computer group (in "Exclusions"), so that you can scope the policy to any other wanted computer group.

New Contributor

Thanks for sharing your setup! how did you get the cert info and the syntax of the Socket Filter Designated Requirement?