1 Reply Latest reply on Mar 3, 2016 4:45 AM by boschind

    Cisco AnyConnect VPN Client bad installation due to HIPS

    boschind

      Cisco AnyConnect VPN Issues

       

      The closed discussion - see the link above - is closed with a workaround suggested by Cisco and not with a solution provided by Intel/McAfee.

       

      Is there a solution from McAfee? Is there a way to set up / configure HIPS so that it allows the AnyConnect Setup process to work correctly?

        • 1. Re: Cisco AnyConnect VPN Client bad installation due to HIPS
          boschind

          Here is an extract of the workaround from Cisco:

           

          "For your information, Cisco has notified this bug, number: CSCti16453 (Cisco Bug: CSCti16453 - AnyConnect cannot connect when installed after McAfee Internet Security)

          You can read:

          AnyConnect cannot connect when installed after McAfee Internet Security

          Symptom:

          If installed after 3rd party personal firewall/AV product, AnyConnect will fail to connect. EventViewer will report inability to change the interface name for virtual adapter.

          Conditions:

          If installed after 3rd party personal firewall/AV product, AnyConnect will fail to connect

          Workaround:

          Disable all the features of personal firewall/AV, make a small change on AnyConnect virtual adapter and connect. 

          Further problem description

          The AnyConnect virtual adapter (VA) driver is not properly installed due to the McAfee Internet Security self-protection mechanism denying certain registry operations. The McAfee log file McSvHost000.log includes multiple entries resembling the following:

          (Information)$ [ naiann.dll]$ NewInfection [AnnounceType: BBRuleViolation][ThreadID: 3452][WinStationID: 0][EventID: 1092][Action: 3][Location: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mfendisk\Parameters\Adapters\NdisWanIp\UpperBindings][Process C:\Program Files\Cisco\Cisco AnyConnect VPN Client\VACon.exe][Rule: G_060_CommonOn:Prevent modification of McAfee files and settings]

          (Note that the UpdateDriverForPlugAndPlayDevices Windows API, used to install the driver, does not return an error; therefore AnyConnect assumes successful installation.)


          As a result, even after enabling the VA via the Device Manager Management Console (devmgmt.msc), the virtual adapter is not listed by the Windows ipconfig command. Similarly, vpnagent fails to identify the VA connection name (due to the GetAdaptersAddresses native API not returning the AnyConnect virtual adapter) leading to the VPN connection failure.

          Note that the VA installation works fine with McAfee VirusScan Enterprise installed. The problem only happens if the AnyConnect installation is performed with McAfee Internet Security installed.
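
A triage sketch for the log entries quoted in the post above, added here as an example and not taken from Cisco or McAfee: it parses the bracketed fields of each entry and counts which process was denied by which self-protection rule at which registry location. The sample lines are constructed from the quoted entry, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample modelled on the McSvHost000.log entry quoted above.
# The second entry (ThreadID 3460) and the last line are invented for the demo.
SAMPLE_LOG = r"""
(Information)$ [ naiann.dll]$ NewInfection [AnnounceType: BBRuleViolation][ThreadID: 3452][WinStationID: 0][EventID: 1092][Action: 3][Location: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mfendisk\Parameters\Adapters\NdisWanIp\UpperBindings][Process C:\Program Files\Cisco\Cisco AnyConnect VPN Client\VACon.exe][Rule: G_060_CommonOn:Prevent modification of McAfee files and settings]
(Information)$ [ naiann.dll]$ NewInfection [AnnounceType: BBRuleViolation][ThreadID: 3460][WinStationID: 0][EventID: 1092][Action: 3][Location: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mfendisk\Parameters\Adapters\NdisWanIp\UpperBindings][Process C:\Program Files\Cisco\Cisco AnyConnect VPN Client\VACon.exe][Rule: G_060_CommonOn:Prevent modification of McAfee files and settings]
unrelated line without bracketed fields
"""

FIELD_RE = re.compile(r"\[([^\[\]]+)\]")


def parse_entry(line):
    """Return the bracketed fields of one NewInfection entry, or None."""
    marker = line.find("NewInfection")
    if marker < 0:
        return None
    fields = {}
    # Search only after the marker so the "[ naiann.dll]" prefix is skipped.
    for body in FIELD_RE.findall(line[marker:]):
        # Most fields are "Key: value". The Rule value contains a colon of
        # its own, so split once; "Process" has no colon in the quoted entry.
        key, sep, value = body.partition(": ")
        if not sep:
            key, _, value = body.partition(" ")
        fields[key.strip()] = value.strip()
    return fields


def blocked_operations(log_text):
    """Count (process, rule, location) across all BBRuleViolation entries."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = parse_entry(line)
        if not fields or fields.get("AnnounceType") != "BBRuleViolation":
            continue
        hits[(fields.get("Process", "?"), fields.get("Rule", "?"),
              fields.get("Location", "?"))] += 1
    return hits


if __name__ == "__main__":
    for (process, rule, location), count in blocked_operations(SAMPLE_LOG).most_common():
        print(f"{count}x {process}\n   rule: {rule}\n   key:  {location}")
```

Because the installer API reports no error, a summary like this from the security product's own log is the place where the denied registry writes during driver installation become visible.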