Disable the VPN Module in Secure Client

Available Languages

Download Options

  • PDF     (152.7 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (212.7 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (163.6 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:September 3, 2025
Document ID:224787

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes how to disable the VPN module in Secure Client while ensuring DNS traffic interception continues to function.

    Requirement for VPN Module in Secure Client

    The VPN module is a required component of Secure Client, even if AnyConnect is not used for VPN access. Umbrella relies on shared Secure Client drivers to intercept and manage DNS traffic. Although installation of the VPN module is mandatory, you can fully disable VPN functionality.

    Methods to Disable VPN Functionality

    You can disable the VPN functionality in Secure Client by disabling it:

    • During installation using install arguments (Windows) or modifying the installation package (OSX).
    • After installation by deploying a configuration profile to the endpoint (which can be deployed programmatically).

    Disable VPN Module During Installation

    Windows

    1. During installation, use the PRE_DEPLOY_DISABLE_VPN=1 MSI argument to disable VPN functionality.
    2. For details, review Customize Windows Installations of Cisco Secure Client.

    macOS

    1. Customize the installation package (.DMG) with an ACTransforms.xml file which controls the enablement of the VPN functionality.
    2. For more information, see Customize MacOS installations of Cisco Secure Client.

    Disable VPN Module Post Installation

    1. Navigate to the profile directory on the endpoint:

      • Windows:
        C:\ProgramData\Cisco\Cisco Secure Client\VPN\Profile\
        note-icon

        Note: The ProgramData folder is hidden by default in Windows. Type the path directly into Windows Explorer if needed.

      • macOS:
        /opt/cisco/secureclient/vpn/profile/

    2. Create a new blank text document.

    3. Copy the provided XML content into the document and save it as VPNDisable_ServiceProfile.xml in the Profile folder:

      <?xml version="1.0" encoding="utf-8"?>

      <!--

         Cisco AnyConnect VPN Profile -

         This profile is a sample intended to allow for the disabling of VPN service

         for those installations that do not require VPN support.

      -->

      <AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd">

        <ClientInitialization>

           <ServiceDisable>true</ServiceDisable>

        </ClientInitialization>

      </AnyConnectProfile>

    4. After saving the VPNDisable_ServiceProfile.xml file in the profile folder, restart the computer.

      • On Windows, you can alternatively restart the Cisco Secure Client – AnyConnect VPN Agent service using Windows Services.
        1821295679298018212956792980

    Verification

    After restarting, launch the Secure Client graphical user interface (GUI) to verify that the VPN module is disabled.

    1821222947202018212229472020

    Revision History

    Revision Publish Date Comments
    1.0
    05-Sep-2025
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products