topic Re: Secure Endpoint overtaking Cisco Anyconnect in Endpoint Security

Secure Endpoint overtaking Cisco Anyconnect

curyn — Fri, 29 Jul 2022 14:53:57 GMT

Cisco has chosen to once again change the graphic icon for Secure Endpoint in the latest version (8.0). The new icon looks similar to Anyconnect but with different colors. They also made the GUI look exactly like Anyconnect's GUI. If those two things weren't enough to cause confusion, the latest version also transforms the Anyconnect shortcut in the Start Menu into a Secure Endpoint shortcut. So when you click on Anyconnect in the Start Menu, Secure Endpoint opens instead which now looks the same as Anyconnect! This is on a level of intentional sabotage. You can't make this stuff up!

Re: Secure Endpoint overtaking Cisco Anyconnect

Ken Stieers — Fri, 29 Jul 2022 15:00:53 GMT

They've been talking about consolidating their clients for many years.
The announced it at CiscoLive 2022... I think it was even in a key note....

[cid:image001.png@01D8A332.0BCE9590]

Re: Secure Endpoint overtaking Cisco Anyconnect

curyn — Fri, 29 Jul 2022 15:19:29 GMT

They are still two different applications, they just made them look the same, and the shortcut for Anyconnect opens the wrong application.

Re: Secure Endpoint overtaking Cisco Anyconnect

Jon333 — Mon, 01 Aug 2022 14:36:16 GMT

Opening the AnyConnect client from the task tray seemed to correct running the client from the search bar and recreating the shortcut now opens the AnyConnect client instead of the Secure Endpoint.

Re: Secure Endpoint overtaking Cisco Anyconnect

Hernan69 — Mon, 01 Aug 2022 15:38:18 GMT

Same here, honestly....lets hope a workaround is in place soon.

Re: Secure Endpoint overtaking Cisco Anyconnect

Troja007 — Tue, 02 Aug 2022 19:36:42 GMT

Hello @curyn ,
Cisco Secure Client is not just changing an Icon. Cisco Secure Client is the new approach bringing separated Cisco Endpoint products more and more into a single endpoint product. If you know AnyConnect, there is no change for you, even using Secure Client.

Secure Endpoint Module for Secure Client
Secure Endpoint is running as a module within Secure Client. After the installation, it registers to the Secure Endpoint cloud as usual. No change from the operating side for Secure Endpoint.

AnyConnect (Secure Client)
The same here, you can operate is usual, no change needed. If using Secure Client, SecureX insight includes, the so called, package manager, where you can configure your profiles and the software package. Afterwards you can use the Network Installer or Full Installer to install Secure Client. All configured modules will then be installed, based on your configuration.

Hopefully this info makes it more clear for you. For any technical issue, you may check with TAC.There will be many different sessions available in the future to hear and learn more about Secure Client.
Greetings, Thorsten

Re: Secure Endpoint overtaking Cisco Anyconnect

Roman Valenta — Mon, 01 Aug 2022 16:36:51 GMT

This was discovered first on Friday.

During deployment of Secure Endpoint 8.0.1 through AMP Cloud policy sync, users with installed version of AnyConnect other than 5.x will face a issue with starting AnyConnect VPN through Windows Start Menu as both shortcuts will default to same UI. In this case both shortcuts will open the Secure Client UI.

Current Workaround:

You can still open the AnyConnect via toolbar from the right corner menu by right click "Open AnyConnect" also if you do that, from that moment both shortcuts in Start Menu will open AnyConnect UI if you do the same and open Secure Endpoint UI the same way you will revert back both shortcuts to be able open only Secure Endpoint UI.

The other suggested possible approach is to upgrade Any Connect to version 5.x so there is only one single UI. For this approach is suggested to test this first on small group of endpoints before mass deployment. The outcome will looks like this.

External BUG will be available soon, will update once that is ready.

Re: Secure Endpoint overtaking Cisco Anyconnect

Roman Valenta — Tue, 02 Aug 2022 01:29:09 GMT

Quick update on this:

Bug ID currently in process of externalization: CSCwc59031

External Facing Document:

Broken Shortcut Links in Start Menu after Secure Client(Secure Endpoint) Update to 8.0.X Running with AnyConnect 4.X.X on Windows

https://www.cisco.com/c/en/us/support/docs/security/secure-endpoint/218014-broken-shortcut-links-in-start-menu-afte.html

Re: Secure Endpoint overtaking Cisco Anyconnect

Roman Valenta — Tue, 02 Aug 2022 21:10:20 GMT

Latest news on this is that we identified the issue and working on the patch. There will be most likely new release 8.0.1 connector with the patch available very soon. I don’t want to set this in stones but expecting something with in few days and as early as beginning of next week.

Re: Secure Endpoint overtaking Cisco Anyconnect

Roman Valenta — Fri, 05 Aug 2022 15:17:59 GMT

Looks like last update to this thread.

We are planning to release Cisco Secure Endpoint Windows Connector 8.0.1.21164 today (Aug 5th) to the production environments at roughly these times.

APJC - 12:00 MDT (18:00 UTC)

EU - 13:00 MDT (19:00 UTC)

NAM - 14:00 MDT (20:00 UTC)

Cisco Secure Endpoint Windows Connector 8.0.1.21164 Release Notes

Bugfixes/Enhancements

Addressed an issue where older versions of the AnyConnect (4.10 and earlier) start menu shortcut would launch the connector instead.

Re: Secure Endpoint overtaking Cisco Anyconnect

Roman Valenta — Fri, 05 Aug 2022 21:10:32 GMT

This issue is now fixed in SE 8.0.1.21164 which is now available in all clouds. Tested in my lab and confirmed.

Re: Secure Endpoint overtaking Cisco Anyconnect

MichelleMacEnroe36525 — Tue, 09 Aug 2022 19:33:43 GMT

If the issue is now fixed, why do I get this when trying (and failing) to run the Secure Client (8.0.1.21164) on a newly upgraded server with no history of AnyConnect ever having been installed?? (And yes, I have a TAC case open):

Function: wWinMain
File: C:\drone\src\GUI\Windows\GUI.cpp
Line: 182
AnyConnect GUI is already running, showing existing instance

....along with several other messages about AnyConnect...

Re: Secure Endpoint overtaking Cisco Anyconnect

Roman Valenta — Tue, 09 Aug 2022 21:23:38 GMT

This bug and the new release was only targeting issue seen on systems with previously installed AnyConnect prior version 5.0. The issue described in the bug and the document are specifically referring to issue with broken shortcut links in the START menu.

What you describing is something else. Looks like your issue is that you don't see the GUI portion on your Server machine? Can you verify that you are the ONLY logged-in user on that server? If not would you mind close out all the users that are currently logged-in and try start the secure client again? Also assuming that the upgrade from 7.5.3 was done via policy change in the AMP portal.

The other issue could be that the installation was corrupted, but with out diagnostic bundle it's hard to say what could happened. You can still try to run diagnostic bundle by navigating in to C:\Program Files\Cisco\AMP\8.0.1.21164 and run ipsupporttool.exe manually with "right click" Administrator. Since you have already open a case upload the log to the case notes.

Lastly as far for this log...

Function: wWinMain
File: C:\drone\src\GUI\Windows\GUI.cpp
Line: 182
AnyConnect GUI is already running, showing existing instance

....along with several other messages about AnyConnect...

Seeing AnyConnect referenced in the log above is most likely expected since the new Secure Endpoint UI which is called Secure Client is based of former AnyConnect UI. It doesn't mean that AnyConnect VPN client is installed on the system it's just that they share some of the drivers.

I was also able to look up that hostname for this machine in your picture and I can see that it communicates with the AMP cloud so that part seem to be working just fine.

Re: Secure Endpoint overtaking Cisco Anyconnect

MichelleMacEnroe36525 — Wed, 10 Aug 2022 15:00:09 GMT

Yup, that's the 1st thing I check when trying to use Cisco A/V is that I am the only user on the server. (Learned that one a while ago!) And yes, the install was done via Groups & Policy applied to only that group.

I'll try to run the ipsupporttool and upload logs.