Cisco Anyconnect Firewall



A brief note for administrators in enterprise environments: when Cisco AnyConnect VPN is used on Windows 10 V1803, the Windows Defender Security Center may keep opening in the foreground.


The VPN Posture (HostScan) module gives the AnyConnect Secure Mobility Client the ability to identify the operating system, antimalware and firewall software installed on the host. The HostScan application, one of the components delivered by the VPN Posture module, is what gathers this information.

By default the Cisco ASA firewall has a self-signed certificate that is regenerated every time the appliance reboots. This is a problem when you use SSL VPN, because your users' web browsers will warn every time they see an untrusted certificate.

To install the client: download the Cisco AnyConnect VPN for Windows installer and double-click InstallAnyConnect.exe. When a message says the Cisco AnyConnect client has been installed, click OK. Then connect to the Stanford VPN by launching the Cisco AnyConnect Secure Mobility Client.


A description of this issue

A user reported a strange behavior on MS-Answers: when using Cisco AnyConnect VPN, the Windows Defender Security Center of Windows 10 V1803 cyclically opened a window to report the security status. He wrote:

On several of our Windows 10 1803 Laptops, and when connecting to our VPN using Cisco Anyconnect, Windows Defender Security Centre’s – Security at a Glance constantly opens and becomes the active window.

Every 5 or minutes it takes the foreground and makes it impossible to work while connected, regardless if you close it or shrink it.

All the items have green ticks and do not display any issues when popping up.

I can’t see anyone else having this issue on the almighty google, so am hoping someone here might be able to help?

The root cause and a workaround


The user affected by this behavior found the root cause and a workaround himself. The Cisco AnyConnect VPN solution cyclically checks whether an antivirus solution is installed on Windows. If AV software is found, the VPN software checks whether the installed AV solution is up to date. Only then is a VPN connection allowed.


This seems a useful approach, and the Windows Defender that ships with Windows 10 was also entered in the AV list of the affected user. As a workaround, the administrator has now excluded the Windows programs AntiVirus, Personal Firewall and AntiSpyware from the security check. This stopped the Windows Defender notification. In the current case, the user writes, ESET Smart Security is used as the antivirus, firewall and anti-spyware solution on their systems. Maybe this helps if you use this combination and are affected.
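To see what such a posture check has to work with on a given laptop, the following added example (not code from the original post or from Cisco) lists the antivirus, firewall and anti-spyware products that Windows Security Center reports, with their enabled and up-to-date state decoded. It assumes that HostScan matches against this same inventory, and the productState decoding is a widely used heuristic rather than a documented API.

```powershell
# Added example (not from the original post): list the antivirus, firewall and
# anti-spyware products that Windows Security Center reports on a Windows 10 host.
# Assumption: a posture check such as HostScan matches against the same product
# inventory, so this shows what such a check can see, including Windows Defender.
# The productState decoding is a widely used heuristic, not a documented API.

function ConvertFrom-ProductState {
    param([uint32]$State)
    # productState is read as three bytes 0xAABBCC:
    #   BB = 0x10 -> real-time protection enabled (0x00 or 0x01 -> disabled)
    #   CC = 0x00 -> definitions up to date        (0x10 -> out of date)
    $hex = '{0:X6}' -f $State
    [pscustomobject]@{
        Enabled  = $hex.Substring(2, 2) -eq '10'
        UpToDate = $hex.Substring(4, 2) -eq '00'
    }
}

function Get-SecurityCenterInventory {
    # The three classes correspond to the AntiVirus, Personal Firewall and
    # AntiSpyware categories the administrator excluded from the posture check.
    foreach ($class in 'AntiVirusProduct', 'FirewallProduct', 'AntiSpywareProduct') {
        Get-CimInstance -Namespace 'root\SecurityCenter2' -ClassName $class -ErrorAction SilentlyContinue |
            ForEach-Object {
                $decoded = ConvertFrom-ProductState -State $_.productState
                [pscustomobject]@{
                    Category = $class
                    Product  = $_.displayName
                    Enabled  = $decoded.Enabled
                    UpToDate = $decoded.UpToDate
                    State    = '0x{0:X6}' -f $_.productState
                    Exe      = $_.pathToSignedProductExe
                }
            }
    }
}

# Products that are registered but disabled or out of date are the ones a
# posture check is likely to flag; Defender commonly shows up as disabled once
# a third-party AV such as ESET has taken over real-time protection.
$inventory = Get-SecurityCenterInventory
$inventory | Format-Table -AutoSize
$inventory | Where-Object { -not $_.Enabled -or -not $_.UpToDate }
```

The root\SecurityCenter2 namespace exists only on client editions of Windows, so the script returns nothing on Windows Server.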


You are responsible for the cost of the AWS services used while running this Quick Start reference deployment. There is no additional cost for using the Quick Start.

The AWS CloudFormation template for this Quick Start includes configuration parameters that you can customize. Some of these settings, such as instance type, affect the cost of deployment. For cost estimates, see the pricing pages for each AWS service you use. Prices are subject to change.

Tip: After you deploy the Quick Start, we recommend that you enable the AWS Cost and Usage Report. This report delivers billing metrics to an S3 bucket in your account. It provides cost estimates based on usage throughout each month and finalizes the data at the end of the month. For more information about the report, see the AWS documentation.


This Quick Start requires an RA-VPN license from Cisco. The Cisco ASAv virtual firewall provides the following licensing options:

  • Option 1: Use AWS pay-as-you-go licensing, which is based on hourly billing. This is the default option for this Quick Start.
  • Option 2: Use Amazon’s Bring Your Own License model in conjunction with Cisco’s Smart Licensing.

To use this Quick Start in a production environment, see Cisco Adaptive Security Virtual Appliance (ASAv) — Standard Package. Ensure that you subscribe to the image using the correct Region. If you want to use option 2, you must use the correct Amazon Machine Image (AMI). For more information, see how to Deploy the ASAv on the AWS Cloud.


This Quick Start requires a subscription to the AMI for Cisco RA‑VPN, which is available from AWS Marketplace. Additional pricing, terms, and conditions may apply. For instructions, see the deployment guide.