Sometimes the VPN client is waiting for security checks that never complete. If you’re running services that need uninterrupted VPN access, using a hosting or managed VM environment for testing can help keep things working while you troubleshoot Hostscan on your main machine.

The issue where the Cisco Secure Client (VPN) gets stuck at the last step during the HostScan software scan on macOS 15.7.2 with VPN Secure Client version 5.1.8.122.pkg may be related to compatibility or bugs in the Secure Firewall Posture (formerly HostScan) component.
HostScan packages earlier than version 4.8.x do not function properly with macOS Catalina (10.15) and later, causing posture assessment failures and VPN connection issues. Although your macOS version is 15.7.2, similar compatibility issues might apply if the HostScan component is outdated.
Cisco recommends using HostScan 4.8.00175 or later for compatibility with macOS Catalina and newer versions. Older HostScan versions may cause the VPN to get stuck during the posture assessment phase.
As a workaround, administrators can disable Secure Firewall Posture on the ASA headend to restore VPN connectivity, but this disables posture functionality and related policies.
It is advisable to upgrade to the latest Cisco Secure Client and HostScan versions compatible with your macOS version to resolve such issues.
For detailed bug fixes and resolved issues related to Secure Firewall Posture (HostScan) in various releases, Cisco’s release notes for Secure Client 5.1 provide extensive information.
Additionally, macOS Catalina and later do not support 32-bit binaries, which were included in older HostScan packages (4.3.x and earlier), causing VPN connection failures.
You may want to verify that your HostScan component is updated beyond these older versions to avoid software scan issues.
For more information and updates, refer to Cisco’s Field Notice FN-70445 and the Secure Client release notes.