How to disable product update on Cisco AnyConnect mobility client

Vladimir Poprocky · ‎11-12-2014

Hallo,

Do you anybody know how to disable/turn off "Checking for product update" during _every_ connecting Cisco Anyconnect Secure Mobility Client (VPN) to remote sites?

I found it may by possible on the ASA side, but I need to disable it on the client (computer). I can see that checking is NOT during connecting to my company site, but when connecting to ANY OTHER site everytime is new version checked. It takes some time ... and I need to switch between VPN often.

Thank you for your help!

Regards, Ondrej

ghostinthenet · ‎11-12-2014

You should be able to do this in the AnyConnect local policy. Just add (or edit, if you already have a local policy file) the following to the local policy file:

<!--?xml version="1.0" encoding="UTF-8"?-->
<anyconnectlocalpolicy acversion="2.4.140" xmlns="http://schemas.xmlsoap.org/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemalocation="http://schemas.xmlsoap.org/encoding/ AnyConnectLocalPolicy.xsd">
<BypassDownloader>true</BypassDownloader>
</AnyConnectLocalPolicy>

The local policy file can be found here:

Windows Vista/7/8: C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\AnyConnectLocalPolicy.xml
Linux/Mac: /opt/cisco/anyconnect/AnyConnectLocalPolicy.xml

See the Enabling FIPS and Additional Security in the Local Policy section of the Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 3.1 for more details.

---
Jody Lemoine, Network Architect
CCIE 41436, MTCRE, MTCINE, MTCIPv6E
tishco networks, Virtually Everywhere
(905) 378-1134, jody.lemoine@tishco.ca

mmcneely11 · ‎03-30-2016

Hello there --

This may be a silly question but will updating the local policy keep the software from installing the Start before login module? I have a user that I removed and reinstalled the Cisco Anyconnect Secure Mobility Client and vpn did not encounter any issues until (it appears) that module was added.

ghostinthenet · ‎03-30-2016

Alas, I have no experience using the start before login module, so I can't say for certain. If you're installing it manually, I imagine that there would be no interference. If it's somehow being installed automatically, then this policy might well prevent that from working properly.

---
Jody Lemoine, Network Architect
CCIE 41436, MTCRE, MTCINE, MTCIPv6E
tishco networks, Virtually Everywhere
(905) 378-1134, jody.lemoine@tishco.ca

mmcneely11 · ‎03-30-2016

Thank you, Jody. It is an old thread so I wasn't sure that I would get a response. I am going to give it a try and see if that is the case.

mmcneely11 · ‎04-08-2016

Hi Jody --

Thank you...that did the trick for my user! :)

email · ‎09-18-2016

This is correct, however, on a Mac the next step you need to take is to remove this application from your Login items, found at System Preferences > Users > Login Items.

JERRY WAYOCK · ‎11-28-2017

Thanks worked perfect

michael.karamoutchev1 · ‎05-02-2017

CLI

Modify XML AnyConnect Client Profile as follows:
<AutoUpdate UserControllable="false">false</AutoUpdate>

ASDM

1. Navigate to:
Configuration --> Remote Access VPN --> Network (Client) Access --> AnyConnect Customization/Localization --> AnyConnect Client Profile -->

2.Select Profile Name
"Profile Name" --> VPN --> Preferences (Part 1)

3. Uncheck "Auto Update"