Incompatible - Symantec SEP v14.3 RU1 and Cisco AnyConnect v4.9.04053 in MacOS Big Sur

JWJW · ‎12-15-2020

Incompatible - Symantec SEP v14.3 RU1 (14.3.3384.1000) and Cisco AnyConnect v4.9.04053 in MacOS Big Sur

Anyone else also facing this issue?

Abbers · ‎12-21-2020

If I can just flesh out this issue a little more, we have noticed a Networking Content Filtering conflict between Cisco AnyConnect 4.9.x and Symantec Endpoint Protection v14.3 RU1 (14.3.3384.1000) running on MacOS Big Sur.

Symantec Endpoint Protection v14.3 RU1 will run without a problem on Big Sur until Cisco AnyConnect is installed.

After the "Cisco AnyConnect Socket Filter" is enabled as part of the AnyConnect install procedure, Symantec Endpoint will display a warning indicating that Setup hasn't completed and the Mac is not protected.

Cisco AnyConnect Socket Filter would like to Filter Network Content

Unfortunately, Symantec Endpoint Protection also wants to Filter Network Content too, and they were installed first:

After we enable Cisco AnyConnect's Network Content Filtering, this will conflict with Symantec Endpoint Protection's Network Content Filtering, and Symantec Endpoint will present a warning message every ten to fifteen minutes indicating we are not protected:

When we click Finish Setup, Symantec Endpoint will re-enable Network Content Filtering, and the warning message will go away, only to return another ten to fifteen minutes later.

I am unable to rollout Big Sur until we have both AnyConnect and Symantec Endpoint antivirus protection, but the current situation is unusable.

This occurs with AnyConnect version 4.9.04043, version 4.9.04053 and 4.9.05042.

I would be grateful for any assistance.

Thank you

JWJW · ‎12-22-2020

@Abbers Hi, nice to see you again. and thank you very much for your detail explanation and screenshots.

For anyone interested, I have also posted this issue in Broadcom / Symantec forum:

https://community.broadcom.com/symantecenterprise/communities/community-home/digestviewer/viewquestion?ContributedContentKey=2018a5d4-e6e1-4c02-9a56-ce391d961dd8&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=digestviewer

maurits · ‎01-05-2021

Anybody found a fix or workaround?

Abbers · ‎01-06-2021

I've found a possible workaround. It involves removing the Cisco AnyConnect Socket filter from the \Applications\Cisco folder . . . yeah, subtle, I know.

Further details in the link above to the Broadcom / Symantec support forum.

Try it on a test Mac first

JWJW · ‎01-06-2021

Hi,

Please help create case for this issue with Broadcom and Cisco, so that they know more users are facing the same issue. I have created case few weeks ago and only receive 1 reply from each of them, quite slow response and solution from them.

RahooL B · ‎01-20-2021

Hi Everyone,

I reviewed this issue and it seems like the Symantec Endpoint Protection (SEP) is aware of the incompatibility from their side and is working on the same for providing a solution, as stated in the broadcom KB article:

https://knowledge.broadcom.com/external/article/206091

The 2 Socket filters (AnyConnect and SEP) should be independent of each other. Here the SEP Network Content filter seems to not be able to work with AnyConnect socket filter, hence the warning is given from SEP side. If AnyConnect filter was having the same issue, we would have seen a prompt from Cisco's end. Moreover, SEP keeps on giving the prompt for Setup not complete even after clicking on Finish setup, which seems to be like a misleading warning. This behavior by SEP could very well occur with any other 3rd party application that installs a Socket Filter. (not suggesting this is the case, but just pointing out that Socket Filters are used by many other applications as well).

Further, SEP needs to provide feedback on as to why it displays that warning and why is it not able to work with AnyConnect.