j-gray 44 Posted March 12 Posted March 12 According to documentation, RD Sensor requires WinPcap wich was last updated in 2013, has been deprecated and is unsupported on current operating systems. It also has documented DLL hijacking vulnerabilities. I tried installing Npcap, the recommended alternative, but the RD Sensor did not detect WinPcap, so would not complete the installation. Is there any workaround for this or any plans for ESET to accommodate Npcap?
j-gray 44 Posted March 12 Author Posted March 12 4 minutes ago, itman said: Have you tried Win10Pcap: https://www.win10pcap.org/ ? That one hasn't been updated since 2015, wich gives me pause. It did install successfully on Windows 11, though RD Sensor looks specifically for WinPcap and won't proceed with the installation if it doesn't find it. I'm going to try installing WinPcap so I can complete the RD Sensor install. Then I'll remove it and install the current supported version of Npcap and see if that works.
j-gray 44 Posted March 12 Author Posted March 12 The following seems to work: Install WinPcap then install RD Sensor Stop RD Sensor service Uninstall WinPcap and install Npcap (must choose the option to "Install Npcap in WinPcap API-compatible mode" Restart RD Sensor service Based on the trace.log file it appears to be working properly. The bigger issue is that we have 15 sites with 3-5 subnets each. I can't see doing this manual process a minimum of 45 times.
Administrators Marcos 5,469 Posted March 13 Administrators Posted March 13 As for Npcap, unfortunately it is not free: The Npcap free license only allows five installs (with a few exceptions). We are currently in the process of making a decision about the future of RD Sensor and evaluating the possibilities.
j-gray 44 Posted March 13 Author Posted March 13 6 hours ago, Marcos said: As for Npcap, unfortunately it is not free: The Npcap free license only allows five installs (with a few exceptions). We are currently in the process of making a decision about the future of RD Sensor and evaluating the possibilities. @Marcos Thanks for that --totally missed the licensing limitation. RD Sensor could provide functionality that we desperately need, but just isn't viable with the current model. There's no way we can deploy them at every site and on every subnet, particularly given there is no install for macOS. The manual install is painful, as well. It would be great if this functionality was built into the existing agent and could be enabled if/when needed on any client. Sean_TER 1
Recommended Posts