Forum Discussion
kmcdermott
Oct 25, 2022 Copper Contributor
Npcap keeps updating and crashing the Sensors
Since last week, I keep having an issue where Npcap updates to a newer version than 1.0 and then sensors no longer work. I have uninstalled and reinstalled everything, but an autoupdate hits somehow...
- Oct 27, 2022
Vendor said "This is part of the port scanner on the latest version that was released last week. We are looking into this now, as it is conflicting with your product." Recommendation is to remove Barracuda RMM device manager, for now. Also, I can confirm that changing the "AdminOnly" regkey did actually fix it, so that is another workaround, if someone doesn't want to remove Barracuda RMM device manager.
EliOfek
Microsoft
Oct 25, 2022
kmcdermott MDI does not auto update npcap, and npcap does not auto upgrade.
If it happened, it means you have some policy in effect that auto upgrades it...
kmcdermott
Oct 26, 2022 Copper Contributor
Eli, for your reference, I have nothing else installed on this server, other than Windows and the DC services. I install the sensor clean, which installs npcap 1.0. In a few hours it gets upgraded to npcap 1.6 and also installed nmap 7.92. This same thing happens on both of my DCs. I have replicated this over and over. This started last week.
- kmcdermott Oct 26, 2022 Copper Contributor
As a test, I'm uninstalling the npcap 1.6 and nmap 7.92 that are somehow being pushed to me and installing npcap 1.71 to see if it somehow gets downgraded to 1.6.
- EliOfek Oct 26, 2022
Microsoft
Did you manually install npcap or only the sensor and let the sensor auto deploy npcap?
I suggest opening a support ticket so an engineer can help you trace the update trigger.
MDI does not deploy nmap, and does not auto update npcap.
It has to be something external.
Most likely some forgotten policy in the domain.
I would capture a procmon trace on the machine to see which process kicks in the upgrade process.
- kmcdermott Oct 26, 2022 Copper Contributor
npcap 1.0 was installed via the sensor install. Can't be a "forgotten policy" because this problem just started last week and there are no policies that update third-party products! I have a support ticket open.
- EliOfek Oct 26, 2022
Microsoft
Keep us updated with findings please.
I suggest running procmon to trace who triggers the upgrade.
BTW - any chance you have Wireshark installed on the machine?