Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
82261
Views
45
Helpful
8
Replies

AnyConnect Socket Filter is always running, even when AnyConnect is not

candez
Level 1
Level 1

‎03-12-2021 12:59 AM

I use my personal computer for work purposes, and for certain tasks, I use AnyConnect VPN, provided by my client. When I need to complete those tasks, I launch AnyConnect, and then disconnect and quit the application when I am finished. AnyConnect is not in my startup items and does not launch unless I start it manually.

 

However, since updating to Mac OS Big Sur, I have noticed that 3 instances of AnyConnect Socket Filter are ALWAYS on and running when I view my network status. 

 

Can I turn these off without disabling or breaking my AnyConnect installation? I want to be able to use the VPN when needed, but don't have any use or desire for any portion of my client's VPN to be running in the background when I am doing work for other clients or doing personal tasks.

21 people had this problem
Labels:
8 Replies 8

a5a
Level 1
Level 1

‎04-26-2021 10:16 AM - edited ‎04-26-2021 10:17 AM

And... what (if anything) do these do when a VPN connection is not running?

Yavu
Level 1
Level 1
In response to a5a

‎06-04-2021 01:27 AM

I have exactly the same question. The network configuration shows three services, all with the name "Cisco AnyConnectSocket Filter". Two of them cannot be configured, the configuration pane only shows a message "Please use 'Cisco AnyConnectSocket Filter' to control content filter configuration". One service has some configuration fields, but they do not make any sense: The server address states "Connection managed by Cisco AnyConnect Socket Filter" and no account name is set. Well, at least the "Cisco AnyConnect Socket Filter" is set as VPN Application. 

 

Now, there are two Cisco apps in my Application folder:

- Cisco AnyConnect Secure Mobility Client

- Cisco AnyConnect Socket Filter

 

The second one "Cisco AnyConnect Socket Filter" cannot be started. Only the first one works as expected.

 

Still, I'm really puzzled. A security related service, floating my network configuration with weird stuff, settings which do not make any sense, a service which is always running,  applications that do not work (without any explanation), and an application actually connecting to a VPN, but not using the system features for that (although there are three services in the network config). This does not make the whole thing look trustworthy. And no answer in the forum.

 

Cisco, please clarify that!

 

Yavu
Level 1
Level 1
In response to Yavu

‎06-04-2021 05:04 AM

Another remark: On

 

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect49/upgrade/AnyConnect_macOS_BigSur_Advisory.html

 

the installation of the VPN software is explained in detail, in particular what rights the user have  to grant to the application. But it does not explain why the Any Connect Filter is running all the time.

hmahoney
Level 1
Level 1
In response to Yavu

‎01-05-2022 06:08 PM

These running filters also prevent Mail's private loading of email content from working under macOS Monterey 12.1. The only solution I have found so far is to uninstall AnyConnect and reinstall it when I need to use it. What a pain. And so far, no response from Cisco to this thread.

 

0 Helpful

Bernd Nies
Level 1
Level 1

‎01-04-2022 11:00 PM

On MacOS Monteray (maybe also on Big Sur) the AnyConnect socket filter application consumes all CPU from time to time and causes system lagging and network outages. Process is always running, even when disabled in System Settings -> Network. However, one can remove it from the /Applications folder and restart the notebook afterwards. VPN and ISE posture still works without it.

 

I don't know what these are actually used for, except from that labeled interfaces in Network Settings: DNS proxy, App/Transparent proxy, Content filter

 

Regards,

Bernd

pigsty-guile0d
Level 1
Level 1

‎01-21-2022 04:23 PM

suffer from the same culprit, and all my other devices works fine under the same network, my mac just stops working every night from 21:00 to 23:00, at some point, and I tried, ifconfig en0 down and up, kill the com.cisco.anyconnect.macos.acsockext, and even tried ethernet cable, nothing works, the only way is to restart the mac.

Customers Also Viewed These Support Documents