Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - Wireshark 3.0.5 Release: Potential Windows Crash when Updating InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Wireshark 3.0.5 Release: Potential Windows Crash when Updating

Published: 2019-09-21
Last Updated: 2019-09-21 09:50:07 UTC
by Didier Stevens (Version: 1)
0 comment(s)

Wireshark 3.0.5 was just released.

There's a warning for Windows users: you might need to perform a manual uninstall of Npcap to avoid a potential Windows crash.

From the release notes:

If you have Npcap 0.994 or 0.995 installed, your system might crash when upgrading. We recommend that you uninstall these versions manually prior to installing Wireshark. See Npcap bugs 1591 and 1675 for more details. You can uninstall either version manually by doing the following:

  1. Open a command or PowerShell prompt as Administrator and run sc.exe config npcap start=disabled.

  2. Run sc.exe config npf start=disabled. This will fail if WinPcap compatibility mode isn’t enabled, but is otherwise harmless.

  3. Reboot (optional).

  4. Open “Programs and Features” in the Control Panel or “Apps & features” in Settings and uninstall Npcap.

  5. Open “Device Manager” (devmgmt.msc) in the Control Panel and expand the “Network adapters” section. Uninstall each “Npcap Loopback Adapter” that you find.

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

Keywords: update wireshark
0 comment(s)
Diary Archives