Feb 25 2018 - last edited on Nov 30 2021
I got a new configuration alert yesterday. Seems to be linked with the update of the sensor which happened around the same time. I got the alert for all of my domain controllers. And they are all physical with NIC Teaming.
Some network traffic is not being analyzed
The machine that Sensor [Server name] is deployed on is configured with a NIC Teaming adapter. This requires additional configuration.
For more information, refer to https://aka.ms/aatp/teamissue
The link offers no more information on the topic. It sends me to the ATA troubleshooting page which doesn't mention NIC Teaming. https://docs.microsoft.com/en-us/advanced-threat-analytics/troubleshooting-ata-known-errors#ata-gate...
Feb 26 2018 05:03 AM - edited Feb 26 2018 05:04 AM
Solution
WinPcap - the kernel driver we’re using to “parse” the traffic doesn’t support NIC Teaming.
You need to install the Npcap driver. We are working to support it built-in in the Sensor.
In the meantime you can follow these instructions:
1. Download npcap-0.98.exe from https://nmap.org/npcap/
2. Stop and disable the Azure ATP Sensor services
3. Back up the WinPcap driver files - in case of an error
4. Stop and delete the WinPcap driver
5. Install the Npcap driver
6. Re-enable and start the Azure ATP services
Alternatively, you can just uninstall the Sensor, install Npcap, and install the Sensor again.
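
The six steps from the reply above as a PowerShell script; this is an added example, not part of the original reply and not Microsoft's own script. The service names `AATPSensor` and `AATPSensorUpdater`, the WinPcap driver service name `npf`, the WinPcap file paths and the backup directory are assumptions to verify on the sensor host before running.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumed names: sensor services, WinPcap driver service "npf",
# default WinPcap file locations, and the backup directory.
param(
    [string]$NpcapInstaller = '.\npcap-0.98.exe',  # step 1: from https://nmap.org/npcap/
    [string]$BackupDir      = 'C:\WinPcapBackup'   # hypothetical backup location
)
$ErrorActionPreference = 'Stop'   # on any failure the script halts with services left disabled
$sensorServices = 'AATPSensorUpdater', 'AATPSensor'
$winpcapFiles   = "$env:SystemRoot\System32\drivers\npf.sys",
                  "$env:SystemRoot\System32\wpcap.dll",
                  "$env:SystemRoot\System32\Packet.dll"

if (-not (Test-Path $NpcapInstaller)) { throw "Npcap installer not found: $NpcapInstaller" }

# Step 2: stop and disable the sensor services, remembering their start type
$originalStartType = @{}
foreach ($svc in $sensorServices) {
    $originalStartType[$svc] = (Get-Service -Name $svc).StartType
    Stop-Service -Name $svc -Force
    Set-Service  -Name $svc -StartupType Disabled
}

# Step 3: back up the WinPcap driver files in case of an error
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$winpcapFiles | Where-Object { Test-Path $_ } | Copy-Item -Destination $BackupDir -Force

# Step 4: stop and delete the WinPcap driver (only if its service exists)
sc.exe query npf | Out-Null
if ($LASTEXITCODE -eq 0) {
    sc.exe stop npf | Out-Null          # fails harmlessly if already stopped
    sc.exe delete npf | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Could not delete the npf driver service" }
}

# Step 5: install Npcap (interactive installer; options are not given in the post)
$install = Start-Process -FilePath $NpcapInstaller -Wait -PassThru
if ($install.ExitCode -ne 0) { throw "Npcap installer exited with code $($install.ExitCode)" }

# Step 6: re-enable and start the sensor services
foreach ($svc in $sensorServices) {
    Set-Service   -Name $svc -StartupType $originalStartType[$svc]
    Start-Service -Name $svc
}
Get-Service -Name $sensorServices | Format-Table Name, Status, StartType
```

If the script stops before step 6, the backed-up files in `$BackupDir` are the rollback source and the sensor services remain disabled until re-enabled by hand.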