Cisco AnyConnect no longer spawns vpnui.exe and therefore does not perform "System Scan" (VPN Posture/ISE Posture module)
Cisco AnyConnect no longer spawns vpnui.exe and therefore does not perform "System Scan" (VPN Posture/ISE Posture module)
After updating from 2021.2.28.0 to 2022.1.12.0 the AnyConnect addon no longer starts vpnui.exe to perform the posture feature: system scan.
This functionality is required to connect to any server where posture is required (see https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect40/administration/guide/b_AnyConnect_Administrator_Guide_4-0/configure-posture.html)
Previously the vpnui would launch after the CLI connected, immediately performing the system scan, this is no longer the case. Thus no network access is permitted by AnyConnect.
Did anything change in this regard? - I tried downgrading Anyconnect from 4.9 to 4.7 to no avail.
All Comments (2)
If anyone else is having this issue, I made a temporary workaround by adding an "after open" event on the VPN entry.
Hello,
Thank you for contacting us on that matter!
One of our engineers provided me some information to share with you regarding your question. He tells me that no changes have been made to our Cisco AnyConnect integration in some time, so the behavior should not be too different between those versions. He also tells me that, to his knowledge, we have always used vpncli.exe, and not vpnui.exe, for this integration. This is because we launch this VPN using command lines, not the UI.
Let me know if that helps!
Best regards,
Gabriel Degrandpré