Forum Discussion
Solved
Npcap keeps updating and crashing the Sensors
Since last week, I keep having an issue where Npcap updates to a newer version than 1.0 and then sensors no longer work. I have uninstalled and reinstalled everything, but an autoupdate hits somehow...
- Vendor said "This is part of the port scanner on the latest version that was released last week. We are looking into this now, as it is conflicting with your product." Recommendation is to remove Barracuda RMM device manager, for now. Also, I can confirm that changing the "AdminOnly" regkey did actually fix it, so that is another work around, if someone doesn't want to remove Barracuda RMM device manager.
EliOfek
Microsoft
MicrosoftDid you manually install npcap or only the sensor and let the sensor auto deploy npcap ?
I suggest to open a support ticket so an engineer can help you trace the update trigger.
MDI does not deploy nmap, and does not auto update npcap.
It has to be something external.
most likely some forgotten policy in the domain.
I would capture a procmon trace on the machine to see which process kicks in the upgrade process.
I suggest to open a support ticket so an engineer can help you trace the update trigger.
MDI does not deploy nmap, and does not auto update npcap.
It has to be something external.
most likely some forgotten policy in the domain.
I would capture a procmon trace on the machine to see which process kicks in the upgrade process.
npcap 1.0 was installed via the sensor install. Can't be a "forgotten policy" because this problem just started last week and there are no policies that update a third party products! I have a support ticket open.
- EliOfekKeep us updated with findings please.
I suggest to run procmon to trace who triggers the upgrade.
BTW - any chance you have WireShark installed on the machine ?I do not. They are DCs, so I want to keep them clean of stuff. Problem with procmon is that I don't have a way to trigger whatever is updating it, so I don't know when its going to happen. I am happy to see above in the thread that another person is seeing the same behaviour.
- EliOfekI bet there are some logs that shows when it starts. and you know when you deployed.
How long does it take to happen? minutes? hours? days ?
Putting 1.71 is an interesting test. let's see if its stays this way or you get nmap installed.
But either way, it won't tell us what it triggering this.