A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with the privileges of the SYSTEM user. The vulnerability is due to insufficient implementation of the access controls. An attacker could exploit this vulnerability by opening the Internet Explorer. Symptom: SBL connection attempts not working, user gets a warning about captive portal blocking access to the secure gateway Conditions: 1. Configure a non default port for anyonnent, i.e. Office 2010 activation wizard disable. Anything other than 443 2. REMOTE ACCESS VPN- START BEFORE LOGON (SBL) FEATURE WINDOWS 10 These are the “How To” instructions for installing, uninstalling, and using the AnyConnect VPN client with the Start Before Logon (SBL) feature. SBL is availale for VPN users who need to connect. Author: Praveen Kumar Created Date.

Never mind. It's a selection in the Group Policy section.
http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect40/administration/guid..

Images For Cisco Sbl

From:
Enable Additional AnyConnect Modules

Cisco Sbl Gina

To enable additional features, specify the new module names in the group-policy or Local Users configuration. Be aware that enabling additional modules impacts download time. When you enable features, AnyConnect must download those modules to the VPN endpoints.

NoteIf you choose Start Before Logon, you must also enable this feature in the AnyConnect client profile.ProcedureStep 1 In ASDM go toConfiguration >Remote Access VPN >Network (Client) Access >Group Policies.Step 2 Select a group policy and clickEdit or Add a new group policy.Step 3 In the navigation pane, selectVPN Policy >AnyConnect Client. AtClient Modules to Download, clickAdd and choose each module you want to add to this group policy. The modules that are available are the ones you added or uploaded to the ASA.Step 4 ClickApply and save your changes to the group policy.

Cisco Sbl Mac