What versions of WinPcap are supported with Symantec DLP up to DLP v10.5.3?

Article ID: 160710

Products

Data Loss Prevention Network Monitor

Issue/Introduction

Symantec DLP v10.x supports WinPcap 4.0.2. Symantec DLP v11.x supports WinPcap 4.1.1 and higher. Symantec DLP v12.x supports WinPcap 4.1.2 and higher.

Note: WinPcap is only required on Windows-based Network Monitors that do not use Endace.

Resolution

Relevant versions: 8.0 - 10.5.3

Caveat:
The default installation of WinPcap 4.0 might not configure itself to load the filter driver automatically. If you have problems capturing data on a new Symantec DLP Detection server, follow the instructions below. These changes force WinPcap to load when the machine boots.

1. Run 'net stop "Vontu Monitor"'

2. Run 'net stop npf'

3. If it is not already present on the machine, install WinPcap 4.0

4. Edit the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPF

The REG_DWORD value called "Start" should have its data changed to '1'

5. Run 'net start npf'

6. Run 'net start "Vontu Monitor"'

7. Verify that you're capturing traffic

8. If traffic is not properly captured, reboot the system fully and repeat step 7.
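The script below is an added example, not part of the original article or Symantec's tooling. It applies steps 1, 2 and 4 through 6 and then reports whether the NPF driver is loaded, as a precheck for step 7. It assumes an elevated PowerShell session and the service name "Vontu Monitor" used in the steps above; the `$npfKey`, `$monitor` and `$npfRunning` names are this example's own.

```powershell
# Added example: run from an elevated PowerShell prompt on the Network Monitor.
$npfKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NPF'
$monitor = 'Vontu Monitor'   # service name as given in the article

# Step 3 precondition: the NPF key only exists once WinPcap is installed.
if (-not (Test-Path $npfKey)) {
    throw 'NPF service key not found. Install WinPcap 4.0 first (step 3).'
}

# Record the current start type before changing it.
# Service "Start" values: 0=Boot, 1=System, 2=Automatic, 3=Manual, 4=Disabled.
$before = (Get-ItemProperty -Path $npfKey -Name Start -ErrorAction SilentlyContinue).Start
Write-Host "NPF Start value before change: $before"

# Steps 1-2: stop the monitor first, then the capture driver it uses.
# A failure here is tolerated because either one may already be stopped.
& net.exe stop $monitor
& net.exe stop npf

# Step 4: set Start to 1 so the filter driver loads when the machine boots.
if ($before -ne 1) {
    Set-ItemProperty -Path $npfKey -Name Start -Value 1 -Type DWord -ErrorAction Stop
}
$after = (Get-ItemProperty -Path $npfKey -Name Start).Start

# Steps 5-6: start the driver, then the monitor that captures through it.
& net.exe start npf
& net.exe start $monitor

# Precheck for step 7: capture cannot work unless the driver is running.
# sc.exe is called with its extension because "sc" is a PowerShell alias.
$npfRunning = [bool](& sc.exe query npf | Select-String 'RUNNING')
Write-Host "NPF Start value now: $after; driver running: $npfRunning"
if (-not $npfRunning) {
    Write-Warning 'NPF is not running. Reboot and repeat step 7 (step 8).'
}
```

A running driver only shows that capture is possible; confirming that the monitor actually sees traffic (step 7) is still done in the DLP product itself.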

 

See TECH220183 for WinPcap with DLP v11 and newer.