VPN, Cisco AnyConnect (or Cisco Secure Client) Socket Filter for Mac OS Big Sur and newer Mac OS
What is Cisco AnyConnect (or Cisco Secure Connect) Socket Filter?
AnyConnect/Secure Client uses a network system extension on macOS 11, bundled into an application named Cisco AnyConnect Socket Filter (or Cisco Secure Client - Socket Filter). (This app controls the extension activation and deactivation and is installed under /Applications/Cisco.)
The AnyConnect (or Secure Client) extension has the following three components:
- DNS proxy
- App/Transparent proxy
- Content filter
Do I need to have Cisco AnyConnect (or Secure Client) Socket Filter installed and Running?
No, not for the Urbana Campus VPN. It is used for advanced security functions not used by the Urbana campus.
Do NOT allow the System extension in Big Sur or Monterey (there is a bug that causes a conflict in these OSs at least through Mac OS 12.3).
The best way to keep it from running until the bug is fixed is to delete the Application "Cisco AnyConnect Socket Filter.app" (or Cisco Secure Client - Socket Filter) from your computer and reboot.
How do I tell if the Socket Filter is installed and Running?
These components are visible in the macOS System Preferences – Network UI window:
Figure 1. DNS Proxy Component in the Network Preference Panel - state is green and Running
Figure 2. App/Transport Proxy Component in the Network Preference Panel - state is green and Connected
Figure 3. Content Filter Component in the Network Preference Panel - state is green and Running
You can read more technical details from Cisco.