Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: Wireshark 3.0.5 Release: Potential Windows Crash when Updating - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Wireshark 3.0.5 Release: Potential Windows Crash when Updating

Wireshark 3.0.5 was just released.

There's a warning for Windows users: you might need to perform a manual uninstall of Npcap to avoid a potential Windows crash.

From the release notes:

If you have Npcap 0.994 or 0.995 installed, your system might crash when upgrading. We recommend that you uninstall these versions manually prior to installing Wireshark. See Npcap bugs 1591 and 1675 for more details. You can uninstall either version manually by doing the following:

  1. Open a command or PowerShell prompt as Administrator and run sc.exe config npcap start=disabled.

  2. Run sc.exe config npf start=disabled. This will fail if WinPcap compatibility mode isn’t enabled, but is otherwise harmless.

  3. Reboot (optional).

  4. Open “Programs and Features” in the Control Panel or “Apps & features” in Settings and uninstall Npcap.

  5. Open “Device Manager” (devmgmt.msc) in the Control Panel and expand the “Network adapters” section. Uninstall each “Npcap Loopback Adapter” that you find.

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

DidierStevens

393 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!