
CSCvw48062 - Restrict optional file web-deploy of custom scripts, help files, UI, and localization via Local Policy

rmeans
Level 3

Not sure I understand what Cisco is trying to accomplish or more importantly what action is needed.

 

CSCvw48062 is a feature enhancement to help mitigate vulnerability CSCvv30103. Correct? I guess I should update AnyConnect to version 4.9.04053. After the update, file AnyConnectLocalPolicy.xml can be modified? The modification is to add the four "restrict" options below. If so, what is the syntax?

 

<RestrictScriptWebDeployUpdates>true</RestrictScriptWebDeployUpdates>

 

Restricts AnyConnect from getting administrator.... - I am assuming this means that a local administrator cannot make a change but changes will be accepted from the head-end (ASA firewall). In practice, administrators (like myself) or malicious characters will not be able to modify AnyConnect behavior. Because I am an administrator and need to test, I would need to modify this same file (AnyConnectLocalPolicy.xml) and then make my test changes?

 

 

Workaround:
The recommended course of action is to upgrade to a version of AnyConnect that contains the fix. The defect is intended as a mitigation for CSCvv30103.

Further Problem Description:
To deploy the enhancements introduced with CSCvw48062 to mitigate CSCvv30103, it is recommended to modify the AnyConnect Local Policy File on end-user systems to restrict all four options:

Restrict Script Web-deploy Updates: Restricts AnyConnect from getting administrator-customized on-connect script updates from the server;

Restrict Resource Web-deploy Updates: Restricts AnyConnect from getting administrator-customized user interface element updates from the server;

Restrict Help Web-deploy Updates: Restricts AnyConnect from getting administrator-customized help updates from the server; and

Restrict Localization Web-deploy Updates: Restricts AnyConnect from getting administrator-customized localization updates from the server.

1 Reply 1

Atilgod
Level 1

And what to do if this line is not available in your AnyConnectLocalPolicy.xml?

<RestrictScriptWebDeployUpdates>false</RestrictScriptWebDeployUpdates>

 

Did not find anything on this matter.