
Cisco AnyConnect and Windows Defender Application Guard

t3rebello
Level 1

Hello folks,

Our organization recently deployed WDAG (Windows Defender Application Guard) and we have noticed an intermittent error on our user machines when launching Cisco AnyConnect. The error they are getting is "Posture Assessment Failed: Hostscan CSD prelogin verification failed".

When digging into the DART logs, we found that our Hostscan CSD package is not loading correctly due to an issue with the Internet Connection Sharing service being enabled. When disabling the Internet Connection Sharing service in Windows, the user is able to connect without an issue.

Here's the catch!

According to Microsoft, the Internet Connection Sharing service must be enabled for WDAG to work properly:
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard

Whereas Cisco AnyConnect is clearly looking for that same service to be disabled:
https://community.cisco.com/t5/vpn/error-in-anyconnect-client-installation/td-p/2619724

According to the previous post from Kanwaljeet in the Cisco link, the Internet Connection Sharing service must be disabled.

Is there any way to get AnyConnect to work reliably with ICS enabled, or have you folks heard of any way to allow WDAG to work with ICS disabled?

We seem to be stuck between a rock and a hard place, as our organization is greatly interested in the security features provided by WDAG.

Thank you
-Travis R.

Additional information:
Cisco AnyConnect version 4.9.01095
Hostscan 4.8.03036
Windows 10 Build 2004

1 Reply

t3rebello
Level 1

Bump