cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Some network traffic is not being analzyed

Stefan Jonsson
Copper Contributor

‎Feb 25 2018 10:39 PM - last edited on ‎Nov 30 2021 10:09 AM by

‎Feb 25 2018 10:39 PM - last edited on ‎Nov 30 2021 10:09 AM by

Some network traffic is not being analzyed

I got a new configuration alert yesterday. Seems to be linked with the update of the sensor which happened around the same time. I got the alert for all of my domain controllers. And they are all physical with NIC Teaming.

 

Some network traffic is not being analyzed
The machine that Sensor [Server name] is deployed on is configured with a NIC Teaming adapter. This requires additional configuration.
For more information, refer to https://aka.ms/aatp/teamissue

 

The link offers no more information on the topic. It sends me to the ATA troubleshooting page which doesn't mention NIC Teaming. https://docs.microsoft.com/en-us/advanced-threat-analytics/troubleshooting-ata-known-errors#ata-gate...

3,091 Views
0 Likes
1 Reply
Reply
1 Reply
best response confirmed by Stefan Jonsson (Copper Contributor)
Itay Argoety

‎Feb 26 2018 05:03 AM - edited ‎Feb 26 2018 05:04 AM

‎Feb 26 2018 05:03 AM - edited ‎Feb 26 2018 05:04 AM

Solution

Re: Some network traffic is not being analzyed

Winpcap - the kernel driver we’re using to “parse” the traffic doesn’t support NIC Teaming.

you need to install Npcap driver. We are working to support it build-in in the Sensor.

In the meantime you can follow this instructions: 

1. download npcap-0.98.exe from https://nmap.org/npcap/

2. Stops and Disable the Azure ATP Sensor services

3. Backup the winpcap driver files - in case of an error

4. Stops and delete the winpcap driver

5. Install Npcap driver

6. Re-enable and starts the Azure ATP services

 

alternately you can just do uninstall to the Sensor, Install Npcap, Install to the Sensor.

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by Stefan Jonsson (Copper Contributor)
Itay Argoety

‎Feb 26 2018 05:03 AM - edited ‎Feb 26 2018 05:04 AM

‎Feb 26 2018 05:03 AM - edited ‎Feb 26 2018 05:04 AM

Solution

Re: Some network traffic is not being analzyed

Winpcap - the kernel driver we’re using to “parse” the traffic doesn’t support NIC Teaming.

you need to install Npcap driver. We are working to support it build-in in the Sensor.

In the meantime you can follow this instructions: 

1. download npcap-0.98.exe from https://nmap.org/npcap/

2. Stops and Disable the Azure ATP Sensor services

3. Backup the winpcap driver files - in case of an error

4. Stops and delete the winpcap driver

5. Install Npcap driver

6. Re-enable and starts the Azure ATP services

 

alternately you can just do uninstall to the Sensor, Install Npcap, Install to the Sensor.

View solution in original post

0 Likes
Reply