When the monitor server is rebooted, the monitor does not begin capturing traffic. Once the monitor is recycled within the console, it then begins capturing traffic. No packets are seen.
Relevant Versions: 7.2 and up
This issue occurs when:
1. WinPCAP is not installed properly. Reinstall WinPCAP. Check to see if the Network monitor is capturing traffic. You may have to recycle the server.
2. The registry key does not get updated to load npf driver at startup. Once a privileged user runs "net start npf" or an application uses WinPcap (e.g. Wireshark), it is loaded permanently and available for all applications to use.
To resolve this issue, install the registry key from https://exftpp.symantec.com located under
The registry settings we supply set the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPF\Start 1
so that npf.sys loads at system start instead of on demand.