Does USBPcapCMD.exe need admin rights/privileges to perform USB packet capture

desowin / usbpcap

USB packet capture for Windows

http://desowin.org/usbpcap

902 stars 170 forks source link

Does USBPcapCMD.exe need admin rights/privileges to perform USB packet capture #56

Closed kirankumarg81 closed 6 years ago

kirankumarg81 commented 6 years ago

Would like to know if USBPcapCMD.exe need admin rights/privileges to perform USB capture. Platform: Windows-7 USBPcap version: 1.2.0.3

It is installed by Admin and executed by user in my case. Let me know if admin need to set any permissions on USBPcapCMD.exe file.

Thank you.

desowin commented 6 years ago

The actual capture needs Elevated priviledges. There's no need to set any special permissions on the USBPcapCMD - if you start capture from unelevated USBPcapCMD, it'll automatically display the UAC elevation dialog.

The only reason for the admin rights is to prevent malicious use of the USBPcapDriver (eg. to prevent unelevated viruses from capturing the USB traffic).

desowin commented 6 years ago

If you run USBPcapCMD as non-admin user, the UAC screen will ask for admin username and password.

desowin commented 6 years ago

Closing this as this is basic security precaution to require admin rights for capturing on USB devices (USB keyboards are really common nowadays).

kirankumarg81 commented 6 years ago

Thanks for the reply, it was very useful.