topic Re: Cisco AnyConnect thinking I still have WannaCry in Wireless

Cisco AnyConnect thinking I still have WannaCry

JJ_4884 — Mon, 05 Jul 2021 14:43:09 GMT

I just performed a clean install of Windows 10 on my computer. I turned of SMBv1 just to be on the safe side. After a few reboots to install updates, my Cisco Anyconect Secure Mobility client thinks I am vulnerable to WannaCry and puts me on the "limited" network. I've read on the internet that Windows already has the capability to handle WannaCry on it's own without other AV software. The only AV that seems to resolve this issue is Avast AV, but I do not trust that company after it's many snafus with security. I have contacted my IT department and they say AV is the answer, but I feel like the database for vulnerabilities is out of date.

I have had no trouble with Cisco AnyConnect till I was running Windows 10 Insider Preview Slow Ring. This is a clean install to the current version before the upcoming Fall Creators Update.

Re: Cisco AnyConnect thinking I still have WannaCry

patoberli — Thu, 05 Oct 2017 07:02:17 GMT

You write that you installed Windows 10 preview build slow ring?

If yes, which version do you currently have?

And more important, which version of AnyConnect and the other installed modules do you have? I guess here is a detection rule issue, between the Windows Beta version and your installed AnyConnect/NAM/HostScan/whatever module.

Re: Cisco AnyConnect thinking I still have WannaCry

JJ_4884 — Fri, 06 Oct 2017 01:38:38 GMT

here is the about window

Re: Cisco AnyConnect thinking I still have WannaCry

patoberli — Fri, 06 Oct 2017 06:20:38 GMT

I've just checked the release notes: https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect43/release/notes/b_Release_Notes_AnyConnect_4_3.html
There are several newer versions, which fix bugs with various anti-virus products and wrong detections. You might want to test an upgraded version.
Otherwise the admin of the system has to check in the logfiles on the scan-server which file/rule gets detected and why.

Re: Cisco AnyConnect thinking I still have WannaCry

JJ_4884 — Thu, 12 Oct 2017 12:50:14 GMT

Not sure I can load an updated version from the built-in update system. Is there a way to download the updated client from Cisco with the packages I need?

Re: Cisco AnyConnect thinking I still have WannaCry

patoberli — Thu, 12 Oct 2017 12:52:30 GMT

If you have access to the Cisco download area, yes you can. You can simply download the latest version by searching for anyconnect in the download area.

Re: Cisco AnyConnect thinking I still have WannaCry

JJ_4884 — Thu, 12 Oct 2017 15:34:26 GMT

Unfortunately, the download page need some login credentials I'm not sure I have.

Re: Cisco AnyConnect thinking I still have WannaCry

patoberli — Thu, 12 Oct 2017 18:41:31 GMT

That's well possible and I can't really help you with that. You need to ask your IT administrator if he could download the file for you and make it available. Typically it's a .zip file, which contains the various component installers.