StefanHJonsson
Feb 26, 2018
Solved

Some network traffic is not being analyzed

I got a new configuration alert yesterday. Seems to be linked with the update of the sensor which happened around the same time. I got the alert for all of my domain controllers. And they are all physical with NIC Teaming.

 

Some network traffic is not being analyzed
The machine that Sensor [Server name] is deployed on is configured with a NIC Teaming adapter. This requires additional configuration.
For more information, refer to https://aka.ms/aatp/teamissue

 

The link offers no more information on the topic. It sends me to the ATA troubleshooting page which doesn't mention NIC Teaming. https://docs.microsoft.com/en-us/advanced-threat-analytics/troubleshooting-ata-known-errors#ata-gateway-and-lightweight-gateway-issues

1 Reply

  • WinPcap - the kernel driver we’re using to “parse” the traffic doesn’t support NIC Teaming.

    You need to install the Npcap driver. We are working to support it built-in in the Sensor.

    In the meantime you can follow these instructions:

    1. Download npcap-0.98.exe from https://nmap.org/npcap/

    2. Stop and disable the Azure ATP Sensor services

    3. Back up the WinPcap driver files - in case of an error

    4. Stop and delete the WinPcap driver

    5. Install the Npcap driver

    6. Re-enable and start the Azure ATP services

    Alternatively, you can just uninstall the Sensor, install Npcap, and install the Sensor.
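
The six steps from the reply above as one PowerShell script, added here as an illustration and not taken from the thread or from Microsoft. The service names (AATPSensor, AATPSensorUpdater, npf, npcap), the npf.sys location and both file paths are assumptions, and step 4 is read here as removing the driver service.

```powershell
#Requires -Version 5.1
#Requires -RunAsAdministrator
# Added example, not from the thread. Assumed names: services AATPSensor and
# AATPSensorUpdater, WinPcap driver service 'npf' backed by drivers\npf.sys.
param(
    [string]$NpcapInstaller = 'C:\Temp\npcap-0.98.exe',  # placeholder path (file from step 1)
    [string]$BackupDir      = 'C:\Temp\winpcap-backup'   # placeholder path
)
$ErrorActionPreference = 'Stop'
$sensorServices = 'AATPSensorUpdater', 'AATPSensor'      # updater listed first (assumed order)
$driverFile     = Join-Path $env:SystemRoot 'System32\drivers\npf.sys'

# Pre-check: the alert only applies when a NIC team exists on this machine.
if (-not (Get-NetLbfoTeam -ErrorAction SilentlyContinue)) {
    Write-Warning 'No NIC team found on this machine; leaving the sensor untouched.'
    return
}
if (-not (Test-Path $NpcapInstaller)) { throw "Installer not found: $NpcapInstaller" }

# Step 2: stop and disable the sensor services, remembering each start type.
$startTypes = @{}
foreach ($name in $sensorServices) {
    $startTypes[$name] = (Get-Service -Name $name).StartType
    Stop-Service -Name $name -Force
    Set-Service  -Name $name -StartupType Disabled
}

# Step 3: back up the WinPcap driver file before touching it (only npf.sys here).
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
Copy-Item -Path $driverFile -Destination $BackupDir

# Step 4: stop and delete the WinPcap driver service.
sc.exe stop npf | Out-Null        # a non-zero exit is fine if it was not running
sc.exe delete npf | Out-Null
if ($LASTEXITCODE -ne 0) { throw "sc.exe delete npf failed with exit code $LASTEXITCODE" }

# Step 5: run the Npcap installer and wait for it to finish.
$setup = Start-Process -FilePath $NpcapInstaller -Wait -PassThru
if ($setup.ExitCode -ne 0) { throw "Npcap installer exited with code $($setup.ExitCode)" }

# Step 6: restore the original start types and start the services again.
foreach ($name in $sensorServices) {
    Set-Service   -Name $name -StartupType $startTypes[$name]
    Start-Service -Name $name
}
Get-Service -Name ($sensorServices + 'npcap') -ErrorAction SilentlyContinue |
    Format-Table Name, Status, StartType
```

The final table shows whether both sensor services are running again and whether a service named npcap now exists; the backup folder keeps the old npf.sys in case the change has to be reverted.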
