Stop Cisco AnyConnect Secure Mobility Client from starting up automatically

macos startup vpn

So I am currently running:

  • OS X 10.10.5
  • Cisco AnyConnect Secure Mobility Client 4.1.04011

I boot up my laptop and AnyConnect is running. I go into Preferences...Users & Groups and remove /Applications/Cisco/Cisco from my list of login items then I quit AnyConnect.

Shut down...turn computer on later and it's back running and it's back in my login items list.

The company I work for only uses AnyConnect for VPN.

Is there a way for me to keep AnyConnect out of my login items list? It's not that I mind it running in the background but if it is it's in my command + tab, etc... and I just find it annoying.


Solution 1:

Removing the following worked for me.

  • /Library/LaunchAgents/com.cisco.anyconnect.vpnagent.plist
  • /Library/LaunchDaemons/com.cisco.anyconnect.gui.plist

Update: For macOS Catalina and anyconnect 4.7.x removing this single file seems to be enough:

  • /Library/LaunchAgents/com.cisco.anyconnect.gui.plist

Solution 2:

If it's not in "Login Items" then it has to be in launchctl. Always prefer the user interface when there is one rather than messing with files directly:

 launchctl list | grep -i cisco
 launchctl unload -w /Library/LaunchAgents/com.cisco.anyconnect.gui.plist
 launchctl list | grep -i cisco

 # Load it back
 launchctl load -w /Library/LaunchAgents/com.cisco.anyconnect.gui.plist
 launchctl list | grep -i cisco

NB: be careful NOT to run sudo launchctl and NOT to run launchctl from a root terminal, because launchctl is user-dependent. For example, trying to run sudo launchctl unload -w /Library/LaunchAgents/com.cisco.anyconnect.gui.plist results in an error "Could not find specified service", whereas without the sudo it works.

When there's a user interface it's very likely because it does more than just moving one file. Don't take the risk to miss those extra bits; use the official and documented user interface.

launchctl is the equivalent of systemd on Linux or services.msc on Windows. Every mac user should have at least some vague idea of what launchctl does because it manages far more than AnyConnect: basically every process not manually started by the user.

launchctl is documented in (surprise) man launchctl but that's not for the faint of heart. For a friendlier documentation that does not assume you already know the difference between "loading" versus "starting" or between a "daemon" vs a "service" or an "agent" go to http://www.launchd.info/ first.

As a bonus and slightly off-topic answer, here's a clean way to restart the AnyConnect daemon in case it gets stuck as it sometimes does. This is the other, lower-level AnyConnect process(es) without any user interface and running as root that does the actual work:

  sudo launchctl kickstart -kp system/com.cisco.anyconnect.vpnagentd

Avoid kill and killall, see why on http://www.launchd.info/ Be careful where you use sudo since some of the agents and daemons run in user space and some run in system space and different versions of macOS have different syntax and shells.

Solution 3:

So it would seem that if you only install the VPN client AnyConnect will not autostart.

I uninstalled AnyConnect (version 4.x) then reinstalled doing a custom install. I only installed VPN, I did not install:

  • Web Security
  • AMP Enabler
  • Diagnostics and Reporting Tool
  • Posture
  • ISE Posture

Now AnyConnect no longer auto starts (yeah!)

Makes sense I suppose as the other parts that get installed by default are there to "protect" your system.

Solution 4:

This has been driving me crazy. I finally discovered the 3 plist files that appear to control this in /Library/LaunchDaemons. But I couldn't change the RunAtLoad parameter to false, because even after I changed the file permissions I couldn't save the plist files. I finally changed the folder permissions to read and write and applied those changes to the contained items, and at last I've been able to edit and save. I'll know for sure after the next reboot ... something I'll do in a few days because starting up again takes forever.

Solution 5:

Forget about tricky removals of plists and stuff like that, just rename Cisco AnyConnect Secure Mobility Client in Finder, that´s it.

Edit: Strange I got a downvote, because I just tested it myself, and it works without any problems at all. Perhaps not a beautiful solution that addresses the underlaying problem (by design ?), nevertheless... ?

Related

Where are Microsoft Office for Mac My Templates stored?
Where can I download Filemerge - the app for comparing two tools and merging them?
How can I tell exactly what keys are being pressed on the Mac?
How can I change OS X Double-Click on Title Bar to be like Windows?
How to change desktop wallpaper for all virtual desktops?
Mac OSX microphone input volume level auto-adjusts - can it be disabled?
How do I prevent my MacBook from sleeping when downloading apps from the App Store
How to view monitor refresh rate in macOS?
How to disable "look up" context menu in Google Chrome OSX 10.10+?
Turn off the macbook main display while working with monitor [duplicate]
How can I open port 80 so a non-root process can bind to it?
How can I force a Photo Stream sync on the iPhone?