Jump to content

Recommended Posts

Posted

According to documentation, RD Sensor requires WinPcap wich was last updated in 2013, has been deprecated and is unsupported on current operating systems. It also has documented DLL hijacking vulnerabilities.

I tried installing Npcap, the recommended alternative, but the RD Sensor did not detect WinPcap, so would not complete the installation.

Is there any workaround for this or any plans for ESET to accommodate Npcap?

 

Posted
4 minutes ago, itman said:

Have you tried Win10Pcap: https://www.win10pcap.org/ ?

That one hasn't been updated since 2015, wich gives me pause. It did install successfully on Windows 11, though RD Sensor looks specifically for WinPcap and won't proceed with the installation if it doesn't find it.

I'm going to try installing WinPcap so I can complete the RD Sensor install. Then I'll remove it and install the current supported version of Npcap and see if that works.

Posted

The following seems to work:

  1. Install WinPcap then install RD Sensor
  2. Stop RD Sensor service
  3. Uninstall WinPcap and install Npcap (must choose the option to "Install Npcap in WinPcap API-compatible mode"
  4. Restart RD Sensor service

Based on the trace.log file it appears to be working properly.

The bigger issue is that we have 15 sites with 3-5 subnets each. I can't see doing this manual process a minimum of 45 times.

  • Administrators
Posted

As for Npcap, unfortunately it is not free: The Npcap free license only allows five installs (with a few exceptions).

We are currently in the process of making a decision about the future of RD Sensor and evaluating the possibilities.

Posted
6 hours ago, Marcos said:

As for Npcap, unfortunately it is not free: The Npcap free license only allows five installs (with a few exceptions).

We are currently in the process of making a decision about the future of RD Sensor and evaluating the possibilities.

@Marcos Thanks for that --totally missed the licensing limitation.

RD Sensor could provide functionality that we desperately need, but just isn't viable with the current model. There's no way we can deploy them at every site and on every subnet, particularly given there is no install for macOS. The manual install is painful, as well.

It would be great if this functionality was built into the existing agent and could be enabled if/when needed on any client.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...