Hi,
We have just installed AnyConnect on our ASA and have setup a basic DAP hostcheck policy to check registry for domain membership, along with the presence of selected AntiVirus products.
However, some users have been able to bypass the hostcheck via programs such as https://github.com/Gilks/hostscan-bypass
It also seems to be possible for anyone to access the hostcheck criteria, registry keys etc via the https://<hostname>/CACHE/sdesktop/data.xml file
Does anyone know any methods of mitigating this exploit, or of obfuscating the client requirements/config from the data.xml file?