10-29-2021 03:31 AM - edited 10-29-2021 04:12 PM
We have Cisco AnyConnect 4.10.03104 working great on Mojave-Big Sur, with users not receiving any popups. When upgrading from any OS to macOS Monterey, we receive the popup below, regarding a system extension being blocked. Our configuration profile is scoped to all devices. When reloading a Mac fresh from Monterey, users do not see the message below. It only appears to be happening after an upgrade. Just wondering if anyone has a solution.
Posted on 10-29-2021 08:17 AM
Pushing a configuration profile allowing System Extensions will only be processed by the OS one time on install. For any OS below 10.15.4, as they do not know about the preference key, nothing is done. You would need to ensure that the profile is only pushed to systems that are 10.15.4+
Posted on 01-04-2022 12:05 PM
Does AnyConnect require anything being added to PPPC section in Config Profile?
02-10-2022 03:55 AM - edited 02-10-2022 04:02 AM
There is nothing to set to PPPC. We only configure "System Extensions, Content Filter" and for the older Macs "Approved Kernel Extensions" in a configuration profile. We have different configuration profiles:
one for MacOS earlier than Monterey one for Intel Mac and one for M1 Mac.
Posted on 03-15-2022 06:49 AM
Hi Novellus, could you please share how do you create a profile for each macOS earlier than Monterey one for Intel Mac, and one for M1 Mac
03-29-2022 05:51 AM - edited 03-29-2022 05:55 AM
@EddyLara sorry for my late reply.
1st, I create a smart computer group for each platform (M1 and INTEL)
Then I create a configuration profile for these two platforms and assign the profiles (in "Targets") to the corresponding smart groups, that's all.
The other way is, to exclude the unwanted smart computer group (in "Exclusions"), so that you can scope the policy to any other wanted computer group.
Posted on 10-30-2022 12:44 PM
Thanks for sharing your setup! how did you get the cert info and the syntax of the Socket Filter Designated Requirement?