Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
792
Views
0
Helpful
1
Replies

Can't remove anyconnect Content Filter on MacOS after uninstalling

mikeleffring
Level 1
Level 1

‎03-27-2024 07:28 AM

Posting here and in an Apple forum to try and make some progress on this issue. We have a user that has a company owned and managed MacBook Pro (16-inch, 2021) behind our MDM solution Addigy. We have previously had all our windows and macos users on AnyConnect, MacOS users specifically had been running version 4.10.07061. Between performance and functionality issue, the need to be rid of that version to release our Cisco Umbrella agents, and the newer and better working Cisco Secure Connect client being available, we have started testing with some windows and mac users the new client. For our mac users specifically, its working great so we are starting to roll it out to everyone. I have this one user in particular that is on the Mac I described above that after running the built in anyconnect uninstaller, one Content Filter won't remove. This is located in the MacOS settings, Network, Filters area. I know it was legacy anyconnect as it said Cisco AnyConnect and Content filter. It had also lost its anyconnect logo next to it. When that content filter still exists, I can't get the newly installed Cisco secure client to funciton, it just says cannot connect the vpn service. The only cisco service is the old anyconnect one, com.apple.cisco.anyconnect... but i was able to permentently kill that after failing to by just killing it (it would just turn back on) by going into recovery mode and disabling SPI, then removing related dirs found online, here: https://discussions.apple.com/thread/252744184?sortBy=best and https://kb.mit.edu/confluence/display/mitcontrib/Cisco+Anyconnect+Manual+uninstall+Mac+OS

Before Service was stopped and removed, the Cisco AnyConnect content filter in apple settings was there, blurred out so you can't just remove it, and green status light I assume for active. After service removal, same for everything except status light was yellow I assume for inactive. But sitll couldn't remove it or disable it. I feel I've used my knowledge, the google, and coworkers. I don't know what to do short or wiping the mac which isn't a great option for this user. I am interested to try this command but don't think it will do anything for the content filter:

 sudo launchctl unload
/Library/LaunchDaemons/com.cisco.anyconnect.vpnagentd.plist && /Applications/Cisco/Cisco\ AnyConnect\
Socket\ Filter.app/Contents/MacOS/Cisco\ AnyConnect\Socket\ Filter -deactivateExt && echokext=1 | sudo
tee /opt/cisco/anyconnect/acsock.cfg && sudo launchctl load
/Library/LaunchDaemons/com.cisco.anyconnect.vpnagentd.plist

Found it on a Cisco Anyconnect Appendix document. Any help would be greatly appreciated.  

1 person had this problem
Labels:
0 Helpful
1 Reply 1

ciscouser11
Level 1
Level 1

‎05-15-2024 10:01 AM

Do you have profiles that define the com.apple.system.anyconnect.macos.acsockext. Delete that and the content filter goes away

0 Helpful
Customers Also Viewed These Support Documents