j-gray 35 Posted March 12 Share Posted March 12 According to documentation, RD Sensor requires WinPcap wich was last updated in 2013, has been deprecated and is unsupported on current operating systems. It also has documented DLL hijacking vulnerabilities. I tried installing Npcap, the recommended alternative, but the RD Sensor did not detect WinPcap, so would not complete the installation. Is there any workaround for this or any plans for ESET to accommodate Npcap? Quote Link to comment Share on other sites More sharing options...
itman 1,659 Posted March 12 Share Posted March 12 Have you tried Win10Pcap: https://www.win10pcap.org/ ? Quote Link to comment Share on other sites More sharing options...
j-gray 35 Posted March 12 Author Share Posted March 12 4 minutes ago, itman said: Have you tried Win10Pcap: https://www.win10pcap.org/ ? That one hasn't been updated since 2015, wich gives me pause. It did install successfully on Windows 11, though RD Sensor looks specifically for WinPcap and won't proceed with the installation if it doesn't find it. I'm going to try installing WinPcap so I can complete the RD Sensor install. Then I'll remove it and install the current supported version of Npcap and see if that works. Quote Link to comment Share on other sites More sharing options...
j-gray 35 Posted March 12 Author Share Posted March 12 The following seems to work: Install WinPcap then install RD Sensor Stop RD Sensor service Uninstall WinPcap and install Npcap (must choose the option to "Install Npcap in WinPcap API-compatible mode" Restart RD Sensor service Based on the trace.log file it appears to be working properly. The bigger issue is that we have 15 sites with 3-5 subnets each. I can't see doing this manual process a minimum of 45 times. Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted March 13 Administrators Share Posted March 13 As for Npcap, unfortunately it is not free: The Npcap free license only allows five installs (with a few exceptions). We are currently in the process of making a decision about the future of RD Sensor and evaluating the possibilities. Quote Link to comment Share on other sites More sharing options...
j-gray 35 Posted March 13 Author Share Posted March 13 6 hours ago, Marcos said: As for Npcap, unfortunately it is not free: The Npcap free license only allows five installs (with a few exceptions). We are currently in the process of making a decision about the future of RD Sensor and evaluating the possibilities. @Marcos Thanks for that --totally missed the licensing limitation. RD Sensor could provide functionality that we desperately need, but just isn't viable with the current model. There's no way we can deploy them at every site and on every subnet, particularly given there is no install for macOS. The manual install is painful, as well. It would be great if this functionality was built into the existing agent and could be enabled if/when needed on any client. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.