VPN, Cisco AnyConnect Socket Filter for Mac OS Big Sur

AnyConnect VPN version 4.9 and later use a system extension to provide functionality that used to be in a kernel extension for Mac OS Big Sur and later operating systems.

What is Cisco AnyConnect Socket Filter?

AnyConnect uses a network system extension on macOS 11, bundled into an application named Cisco AnyConnect Socket Filter. (This app controls the extension activation and deactivation and is installed under /Applications/Cisco.)

The AnyConnect extension has the following three components:

  • DNS proxy
  • App/Transparent proxy
  • Content filter

Do I need to have Cisco AnyConnect Socket Filter installed and Running?

No, not for the Urbana Campus VPN.  It is used for advanced VPN functions not used by the Urbana campus.

Do NOT allow the System extension in Big Sur or Monterey (there is a bug that causes a conflict in these OSs at least through Mac OS 12.3).

The best way to keep it from running until the bug is fixed is to delete the Application "Cisco AnyConnect Socket Filter.app" from your computer and reboot.

How do I tell if the Socket Filter is installed and Running?

These components are visible in the macOS System Preferences – Network UI window:


Figure 1. DNS Proxy Component in the Network Preference Panel - state is green and Running


Figure 2. App/Transport Proxy Component in the Network Preference Panel - state is green and Connected


Figure 3. Content Filter Component in the Network Preference Panel - state is green and Running

You can read more technical details from Cisco.