Packet Capture service will not start due to NPF driver not properly installed on Network Monitor


Article ID: 159442


Updated On:

Products

Data Loss Prevention Network Monitor

Issue/Introduction

The Packet Capture service shows as stopped in the Enforce User Interface (UI).


When the monitor server is rebooted, the monitor does not begin capturing traffic. Once the monitor is recycled within the console, it then begins capturing traffic. No packets are seen.

In Enforce, the Network Monitor status shows "Unknown":
      Error code 1008 Packet Capture is down
      The NPF driver isn't running

Cause

The NPF driver is not properly loaded within Windows, likely due to an incorrect, missing or outdated WinPcap version.

Resolution

Verify the proper version of WinPcap that needs to be installed for the version of DLP in use (KB #54595).

1. Open Windows Programs and Features/Add or Remove Programs

2. Remove the current version of WinPcap if its version is unknown

3. Install the latest version of WinPcap provided for the DLP version in use.

      4.1.1 only for DLP 11x 
      4.1.1 or 4.1.2 for DLP 12.0x

      WinPcap4.1.x.exe is included with the DLP Platform installer within the Third_Party folder and is for Windows only.

4. Recycle Symantec DLP services
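
A PowerShell check to run before and after the steps above (an added example, not part of the original article or of Symantec's tooling). It assumes the WinPcap driver is registered under the service name `npf` and that the Programs and Features entry has a display name starting with `WinPcap`; the function names are hypothetical.

```powershell
# Added example: report the NPF driver state and the installed WinPcap entry
# on a Windows Network Monitor server. Run from an elevated PowerShell session.

function Get-NpfDriverStatus {
    # Assumption: WinPcap registers its kernel driver under the service name "npf".
    $drv = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='npf'"
    if (-not $drv) {
        return [pscustomobject]@{ Installed = $false; State = 'NotInstalled'; StartMode = $null; Path = $null }
    }
    [pscustomobject]@{
        Installed = $true
        State     = $drv.State      # e.g. Running or Stopped
        StartMode = $drv.StartMode  # how Windows loads the driver at boot
        Path      = $drv.PathName
    }
}

function Get-WinPcapInstall {
    # Read the same data Programs and Features shows (64-bit and 32-bit views).
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'WinPcap*' } |
        Select-Object DisplayName, DisplayVersion
}

$driver  = Get-NpfDriverStatus
$winpcap = @(Get-WinPcapInstall)

$driver | Format-List
if ($winpcap.Count -eq 0) {
    Write-Warning 'No WinPcap entry found in Programs and Features.'
} else {
    $winpcap | Format-Table -AutoSize
}

if (-not $driver.Installed) {
    Write-Warning 'NPF driver is not registered; install the WinPcap version listed for the DLP release in use.'
} elseif ($driver.State -ne 'Running') {
    Write-Warning "NPF driver is installed but its state is '$($driver.State)'."
} else {
    Write-Output 'NPF driver is running.'
}
```

Compare the reported WinPcap version against the versions listed in step 3 before recycling the DLP services.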


Applies To
Network Monitor for Windows only