Packet Capture service will not start due to NPF driver not properly installed on Network Monitor


Article ID: 159442


Updated On:


Data Loss Prevention Network Monitor


The Packet Capture service shows as stopped in the Enforce user interface (UI).

When the monitor server is rebooted, the monitor does not begin capturing traffic. Once the monitor is recycled within the console, it then begins capturing traffic. No packets are seen.

In Enforce, the Network Monitor status shows "Unknown":
      Error code 1008 Packet Capture is down
      The NPF driver isn't running


The NPF driver is not properly loaded within Windows, likely due to an incorrect, missing or outdated WinPcap version.


Verify which version of WinPcap needs to be installed for the version of DLP in use (KB #54595).

1. Open Windows Programs and Features/Add or Remove Programs

2. Remove the current version of WinPcap if its version is unknown

3. Install the latest version of WinPcap provided for the DLP version in use.

      4.1.1 only for DLP 11x 
      4.1.1 or 4.1.2 for DLP 12.0x

      WinPcap4.1.x.exe is included with the DLP Platform installer within the Third_Party folder and is for Windows only.

4. Recycle Symantec DLP services
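
To confirm the driver state before and after these steps, the following added PowerShell example (not part of the original article or the vendor's tooling) reports whether the NPF driver is present and running and which WinPcap package Windows lists as installed. It assumes the driver is registered under the service name `npf` and that the Programs and Features entry begins with "WinPcap"; the function names are hypothetical.

```powershell
# Added diagnostic example, not vendor code. Assumptions: the WinPcap driver is
# registered as the kernel service "npf", and its uninstall entry has a
# DisplayName starting with "WinPcap". Run in an elevated Windows PowerShell.

function Get-NpfDriverStatus {
    # Get-WmiObject is used so the check also works on older Windows PowerShell.
    $drv = Get-WmiObject -Class Win32_SystemDriver -Filter "Name='npf'"
    if (-not $drv) {
        return New-Object PSObject -Property @{
            Installed = $false; State = 'Missing'; StartMode = $null; Path = $null
        }
    }
    New-Object PSObject -Property @{
        Installed = $true
        State     = $drv.State       # e.g. Running or Stopped
        StartMode = $drv.StartMode   # e.g. Auto, System, Manual, Disabled
        Path      = $drv.PathName
    }
}

function Get-WinPcapInstall {
    # Same data that Programs and Features shows, for 64-bit and 32-bit views.
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'WinPcap*' } |
        Select-Object DisplayName, DisplayVersion
}

$driver  = Get-NpfDriverStatus
$install = @(Get-WinPcapInstall)

"NPF driver : installed=$($driver.Installed) state=$($driver.State) start=$($driver.StartMode)"
"NPF path   : $($driver.Path)"

if ($install.Count -eq 0) {
    'WinPcap    : no entry found in Programs and Features'
} else {
    $install | ForEach-Object { "WinPcap    : $($_.DisplayName) ($($_.DisplayVersion))" }
}

if (-not $driver.Installed -or $driver.State -ne 'Running') {
    'Result     : NPF is not running. Compare the installed WinPcap with the version required for this DLP release.'
} else {
    'Result     : NPF is loaded and running.'
}
```
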

Applies To
Network Monitor for Windows only