Cisco Cisco AnyConnect Secure Mobility Client v4.x Release Notes
For best results, we recommend a clean install of AnyConnect on a Windows 10 system and not an upgrade from Windows 7/8/8.1.
If you are planning to perform an upgrade from Windows 7/8/8.1 with AnyConnect pre-installed, make sure that you first upgrade
AnyConnect prior to uprading the operating system. The Network Access Manager Module must be uninstalled prior to upgrading
to Windows 10. After the system upgrade is complete, you can re-install Network Access Manager on the system. You may also
choose to fully uninstall AnyConnect and re-install one of the supported versions after upgrading to Windows 10.
If you are planning to perform an upgrade from Windows 7/8/8.1 with AnyConnect pre-installed, make sure that you first upgrade
AnyConnect prior to uprading the operating system. The Network Access Manager Module must be uninstalled prior to upgrading
to Windows 10. After the system upgrade is complete, you can re-install Network Access Manager on the system. You may also
choose to fully uninstall AnyConnect and re-install one of the supported versions after upgrading to Windows 10.
June 2015 and July 2015 OpenSSL Vulnerabilities
Cisco AnyConnect 4.1.04011 resolves CSCuu83398 and CSCuv26246 OpenSSL vulnerabilities.
Cisco AnyConnect 4.1.04011 resolves CSCuu83398 and CSCuv26246 OpenSSL vulnerabilities.
New Features in AnyConnect 4.1.02011
AnyConnect 4.1.02011 is a maintenance release that resolves the defects described in
AnyConnect 4.1.02011, on page 29
.
New Features in AnyConnect 4.1.00028
AnyConnect 4.1.00028 is a major release that resolves the defects described in
AnyConnect 4.1.00028, on page 30
. It also adds the
following new features:
AnyConnect release 4.1.x will become the maintenance path for any 4.x bugs. AnyConnect 4.0 customers
must upgrade to AnyConnect 4.1.x to benefit from future defect fixes. Any defects found in AnyConnect
4.0.x will be fixed in this release 4.1.00028 or future AnyConnect 4.1.x maintenance releases.
must upgrade to AnyConnect 4.1.x to benefit from future defect fixes. Any defects found in AnyConnect
4.0.x will be fixed in this release 4.1.00028 or future AnyConnect 4.1.x maintenance releases.
Note
AMP Enabler
AnyConnect AMP Enabler is used as a medium for deploying Advanced Malware Protection (AMP) for endpoints. It pushes the
AMP for Endpoints software to the endpoints from a server hosted locally within the enterprise and installs AMP services to its
existing user base. This approach provides AnyConnect user base administrators with an additional security agent. If you chose to
install it, any messages related to the actual download of AMP and the installation appear as a partial tile on the AMP Enabler tile of
the AnyConnect UI.
AnyConnect AMP Enabler is used as a medium for deploying Advanced Malware Protection (AMP) for endpoints. It pushes the
AMP for Endpoints software to the endpoints from a server hosted locally within the enterprise and installs AMP services to its
existing user base. This approach provides AnyConnect user base administrators with an additional security agent. If you chose to
install it, any messages related to the actual download of AMP and the installation appear as a partial tile on the AMP Enabler tile of
the AnyConnect UI.
Certificate Revocation List Checking
This feature is only implemented for Windows desktop. For both SSL and IPsec VPN connections, you have the option to perform
Certificate Revocation List (CRL) checking. When this setting is enabled, AnyConnect retrieves the updated CRL for all certificates
in the chain. AnyConnect then verifies whether the certificate in question is among those revoked certificates which should no longer
be trusted; and if found to be a certificate revoked by the Certificate Authority (CA), it does not connect. This feature is disabled by
default.
This feature is only implemented for Windows desktop. For both SSL and IPsec VPN connections, you have the option to perform
Certificate Revocation List (CRL) checking. When this setting is enabled, AnyConnect retrieves the updated CRL for all certificates
in the chain. AnyConnect then verifies whether the certificate in question is among those revoked certificates which should no longer
be trusted; and if found to be a certificate revoked by the Certificate Authority (CA), it does not connect. This feature is disabled by
default.
Automation Support for Proxies
Public proxies are supported on Windows and Linux platforms. Proxy servers are chosen based on preferences set in the client profile.
In case of proxy override, AnyConnect extracts proxy servers from the profile. With release 4.1 we added proxy support on Mac
along with Native-proxy configuration on Linux and Mac.
Public proxies are supported on Windows and Linux platforms. Proxy servers are chosen based on preferences set in the client profile.
In case of proxy override, AnyConnect extracts proxy servers from the profile. With release 4.1 we added proxy support on Mac
along with Native-proxy configuration on Linux and Mac.
Additional Operating Systems Supported
RHEL 7 and Ubuntu 14 were added as supported operating systems for Cisco AnyConnect Secure Mobility Client.
RHEL 7 and Ubuntu 14 were added as supported operating systems for Cisco AnyConnect Secure Mobility Client.
ISE Posture Enhancements
Although there is no change to client functionality or the VPN user experience for ISE posture, enhancements such as elevated posture
processing have been added with ISE 1.4.
processing have been added with ISE 1.4.
4