Forum Discussion
ppgd2019
Sep 26, 2019Copper Contributor
Azure ATP sensor install failing
I've installed the sensor on 4 DCs, but this fifth one is failing (same domain etc.) During the installation the entry appears briefly in the ATP portal, but it seems the updater service is faili...
Lordmafi
Apr 09, 2020Copper Contributor
In Addition if I run the install I see following error:
Event Viewer->System->Error 7000:
The NetGroup Packet Filter Driver service failed to start due to the following error:
The system cannot find the file specified.
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7000</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2020-04-09T10:10:15.328188100Z" />
<EventRecordID>815478</EventRecordID>
<Correlation />
<Execution ProcessID="608" ThreadID="3748" />
<Channel>System</Channel>
<Computer>*******</Computer>
<Security />
</System>
<Data Name="param1">NetGroup Packet Filter Driver</Data>
<Data Name="param2">%%2</Data>
<Binary>6E00700066000000</Binary>
</EventData>
</Event>
Lordmafi
Apr 09, 2020Copper Contributor
Alright it turns out that the issue was with the npcap 0.9990 it was not possible with the tool to work. I unistalled and installed the old WINPcap 4.1.3 (4.1.0.2980). Afterwards the Sensor was able to install.
Actions I did previously:
-Repair Windows update as I got same error like in installer
-Repair .NET
-Install .NET 4.8
-Unistall and Install npcap several times
-run updates
- EliOfekApr 09, 2020
Microsoft
We currently only support npcap <=0.9984.
We can support newer versions with a workaround if needed, but the deployment won't work OOTB with the newer ones just yet.A fix for that is ready but is not released as the service is under freeze during this period.
- PiotrWegielJan 16, 2024Copper Contributor
In my case adding .net registry keys, silent install and restart helped with the issue.