What versions of Winpcap are supported with Symantec DLP up to DLP v10.5.3?


Article ID: 160710


Updated On:


Data Loss Prevention Network Monitor



Symantec DLP v10x supports Winpcap 4.0.2. Symantec DLP v11x supports 4.1.1 and higher. Symantec DLP v12x supports 4.1.2 and higher.



Note: Winpcap is only required on Windows-based Network Monitors that do not use Endace.



Relevant versions:  8.0 - 10.5.3

The default installation of Winpcap 4.0 might not configure itself to load the filter driver automatically. If you have problems capturing data on a new Symantec DLP Detection server, please check the following instructions. These changes will force WinPCAP to load when the machine boots

1. Run 'net stop "Vontu Monitor"'

2. Run 'net stop npf'

3. If it is not already present on the machine, install WinPcap 4.0

4. Edit the registry:


The REG_DWORD value called "Start" should have its data changed to '1'

5. Run 'net start npf'

6. Run 'net start "Vontu Monitor"'

7. Verify that you're capturing traffic

8. If traffic is not properly captured, reboot the system fully and repeat step 7.


See TECH220183 for WinPcap with DLP v11 and newer