Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
985
Views
0
Helpful
1
Replies

Anyconnect No Longer Detecting AV as Active

bj.hebert
Level 1
Level 1

‎01-07-2017 06:41 AM - edited ‎02-21-2020 09:07 PM

Cisco AnyConnect client had been working without issue on Win10 (Ver 1607) machines and with Windows Defender AV running.  However, it now ceases to detect AV as active.  Also tried with Norton AV V22.8.0.50 installed and same result.  Any ideas what to look for to correct?

Labels:
0 Helpful
1 Reply 1

Rahul Govindan
VIP Alumni
VIP Alumni

‎01-07-2017 09:36 AM

Are you using the Anyconnect ISE Posture or ASA Posture (hostscan)? And what version?

If hostscan, what is the result you receive through the "debug dap trace" output? Windows Defender is a supported AV in almost all the hostscan versions. If this was working before and not working now, I would start by collecting a DART bundle and looking at the Cscan.log file under the Anyconnect ASA posture module section after a failed connection. Make sure to set the logging level for Hostscan to "Debugging" to get maximum information. You should some info like this:

[Tue Oct 25 10:26:35.837 2016][cscan]Function: get_data Thread Id: 0x1110 File: .\result.c Line: 505 Level: debug :endpoint.av["MicrosoftAV"]={}
[Tue Oct 25 10:26:35.837 2016][cscan]Function: get_data Thread Id: 0x1110 File: .\result.c Line: 505 Level: debug :endpoint.av["MicrosoftAV"].exists="true"
[Tue Oct 25 10:26:35.837 2016][cscan]Function: get_data Thread Id: 0x1110 File: .\result.c Line: 505 Level: debug :endpoint.av["MicrosoftAV"].description="Windows Defender"
[Tue Oct 25 10:26:35.837 2016][cscan]Function: get_data Thread Id: 0x1110 File: .\result.c Line: 505 Level: debug :endpoint.av["MicrosoftAV"].version="4.8.10240.16384"
[Tue Oct 25 10:26:35.837 2016][cscan]Function: get_data Thread Id: 0x1110 File: .\result.c Line: 505 Level: debug :endpoint.av["MicrosoftAV"].activescan="failed"
[Tue Oct 25 10:26:35.837 2016][cscan]Function: get_data Thread Id: 0x1110 File: .\result.c Line: 505 Level: debug :endpoint.av["MicrosoftAV"].lastupdate="11519511"
[Tue Oct 25 10:26:35.837 2016][cscan]Function: get_data Thread Id: 0x1110 File: .\result.c Line: 505 Level: debug :endpoint.av["MicrosoftAV"].timestamp="1465886084"

For ASA ISE posture, make sure to have the latest compliance module for the Anyconnect. Same procedure for looking for hostscan information using DART can be followed but the output maybe different.

Were there any Windows updates of late after which you are seeing this issue? I would also open a TAC case if all these steps do not give much information.

0 Helpful
Customers Also Viewed These Support Documents