Blog

Archive for September 21st, 2019

Wireshark 3.0.5 Release: Potential Windows Crash when Updating, (Sat, Sep 21st)

Wireshark 3.0.5 was just released.

There’s a warning for Windows users: you might need to perform a manual uninstall of Npcap to avoid a potential Windows crash.

From the release notes:

If you have Npcap 0.994 or 0.995 installed, your system might crash when upgrading. We recommend that you uninstall these versions manually prior to installing Wireshark. See Npcap bugs 1591 and 1675 for more details. You can uninstall either version manually by doing the following:

  1. Open a command or PowerShell prompt as Administrator and run sc.exe config npcap start=disabled.

  2. Run sc.exe config npf start=disabled. This will fail if WinPcap compatibility mode isn’t enabled, but is otherwise harmless.

  3. Reboot (optional).

  4. Open “Programs and Features” in the Control Panel or “Apps & features” in Settings and uninstall Npcap.

  5. Open “Device Manager” (devmgmt.msc) in the Control Panel and expand the “Network adapters” section. Uninstall each “Npcap Loopback Adapter” that you find.

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Reposted from SANS. View original.

Posted in: SANS

Leave a Comment (0) →