cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5501
Views
0
Helpful
0
Comments
cchavez2
Level 1
Level 1

1. SYMPTOM:

 

The user gets this Cisco AnyConnect Secure Mobility Client VPN User Message: The VPN client was unable to setup IP filtering. A VPN connection will not be established.

 

 

 

2. CONDITIONS:

 

  1. The user can not install The AnyConnnect Secure Mobility Client.
  2. The AnyConnect Secure Mobility Client worked fine before, however; the end user can't establish a connection anymore.

 

 

 

3. WORKAROUND:

 

3.1. TECHNICAL INFORMATION:

 

3.1.1. WIN32/SIREFEF:

Win32/Sirefef is a multi-component family of malware that uses stealth to hide its presence on your computer. Due to the nature of this threat, the payload may vary greatly from one infection to another, although common behavior includes:

      1. Downloading and executing of arbitrary files.
      2. Contacting remote hosts.
      3. Disabling of security features.

 

CAUTION: Win32/Sirefef is a dangerous threat that uses advanced stealth techniques in order to hinder its detection and removal. As a consequence of being infected with this threat, you may need to repair and reconfigure some Windows security features.

 

Sirefef attempts to stop and delete the following security-related services:

      1. Windows Defender Service (windefend).
      2. IP Helper Service (iphlpsvc).
      3. Windows Security Center Service (wscsvc).
      4. Windows Firewall Service (mpssvc).
      5. Base Filtering Engine Service (bfe).

 

3.1.2. CISCO ANYCONNECT SECURE MOBILITY CLIENT VPN USER MESSAGE:

The VPN client was unable to setup IP filtering. A VPN connection will not be established.

 

Description:

AnyConnect failed to apply the VPN configuration settings to its IP filtering subsystem.  A VPN connection is not permitted because this failure could compromise both its security and data integrity. This error is unrecoverable.

 

Recommended User Response:

Restart the computer or device. Restart the VPN connection. Run DART. (See: Managing, Monitoring, and Troubleshooting AnyConnect Sessions.) Report the error to your organization's technical support and include the DART bundle.

 

Recommended Administrator Response:

Open a case with the Cisco Technical Assistance Center (TAC) and include the DART bundle.

 

 

3.2. CONSIDERATIONS:

 

    1. This solution applies to Windows Vista and Windows 7 users only.
    2. It's a good practice to backup your files before you attempt the procedure described below.

 

 

3.3. PROCEDURE:

 

3.3.1. Remove Win32/Sirefef.

 

3.3.2. Verify that the Base Filtering Engine is missing.

 

      • Click Start, type services.msc into the search field and then click services.

 

 

http://kb.eset.com/library/ESET/KB%20Team%20Only/SOLN2861/SOLN2861Fig1-1.png

 

      • Look for the Base Filtering Engine entry in the "Name" field, which is sorted alphabetically.

 

 

http://kb.eset.com/library/ESET/KB%20Team%20Only/SOLN2861/SOLN2861Fig1-2resize.png

 

 

3.3.3. Reinstall Base Filtering Engine.

 

      • Click the link below to download the ESET ServicesRepair utility and save it to your Desktop.

 

ServicesRepair.exe

 

      • Double-click ServicesRepair.exe to run the ESET ServicesRepair utility. If you are using User Access Control click Run when prompted, and then click Yes when asked to allow changes.

 

http://kb.eset.com/library/ESET/KB%20Team%20Only/SOLN2861/SOLN2861FIG2-1.png

      • Follow the prompts to repair the Base Filtering Engine service. Once the ServicesRepair utility finishes running click Yes to restart your computer.

 

http://kb.eset.com/library/ESET/KB%20Team%20Only/SOLN2861/SOLN2861FIG2-2.png

 

      • Once your computer restarts, install or execute The AnyConnect Secure Mobility Client.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: