[npcap] - wireshark stopped see adapters after windows 10 updated to "annivarsary edition"

[zdm]

Hi. Today windows 10 was updated and wireshark don't see network adapters any more. I am tried to reinstall npcap and wireshark - this wasn't helpful. Npcap installed in winpcap compat. mode and wireshark detected npcap during install process.

[zdm]

Winpcap works. Npcap - not.

[hsluoyz]

Hi @zdm ,

Is your OS x86 or x64? Which Npcap version and Wireshark version did you use? Which Npcap installation options did you choose? Thanks.

I have tested latest Npcap 0.08 r3 (with WinPcap Compat Mode) and latest Wireshark Development Release (2.1.1) on my Win10 x64 Anniversary version without any issues.

Please don't use Wireshark Stable Release because it can't recognize the new version Npcap when installed in non-WinPcap Compat Mode (which is by default).

[zdm]

Windows 10 x64

Wireshark 2.0.5 x 64

I tried following npcap versions: 0.08-r2 0.08 0.07-r17

On 08.08.2016 03:42, Yang Luo wrote:

Hi @zdm https://github.com/zdm ,

Is your OS x86 or x64? Which Npcap version and Wireshark version did you use? Thanks.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/nmap/nmap/issues/492#issuecomment-238119783, or mute the thread https://github.com/notifications/unsubscribe-auth/AA-mSPLEBGTtgI64dafMqjuEtOfrt_7sks5qdnt3gaJpZM4JekI0.

[hsluoyz]

I tried your environment and didn't encounter that issue. What error message did you actually see?

[zdm]

Wireshark doesn't show any errors, just shows no adapters.

On 08.08.2016 08:10, Yang Luo wrote:

I tried your environment and didn't encounter that issue. What error message did you actually see?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/nmap/nmap/issues/492#issuecomment-238143145, or mute the thread https://github.com/notifications/unsubscribe-auth/AA-mSKXeekOXzqlfxLlmsNTGN7LmW13Fks5qdrozgaJpZM4JekI0.

[hsluoyz]

1. Install Npcap with default options.
2. Reboot after intall.
3. try nmap --iflis and paste the output here.

[zdm]

I have removed winpcap and installed npcap-v0.08-r2 with default options.

In not elevated cmd nmap return nothing:

But in elevated I got error:

[hsluoyz]

Oh, I forgot to say.

Please install Nmap's dev version: https://nmap.org/dist/nmap-7.25BETA1-setup.exe

And please install latest Npcap 0.08 r3.

[zdm]

With nmap-7.25-beta1 results are the same.

On 08.08.2016 08:41, Yang Luo wrote:

Oh, I forgot to see. Please install Nmap's dev version: https://nmap.org/dist/nmap-7.25BETA1-setup.exe

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/nmap/nmap/issues/492#issuecomment-238146254, or mute the thread https://github.com/notifications/unsubscribe-auth/AA-mSM5dyTxbmUKly16L0gYzKfaVlElHks5qdsGYgaJpZM4JekI0.

[hsluoyz]

1. See if the C:\Windows\System32\Npcap folder contains these two files: wpcap.dll, Packet.dll
2. In Administrator CMD, enter sc query npcap and paste the result here.

[zdm]

1. Files are present;
2. Service is stopped

SERVICE_NAME: npcap
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 31  (0x1f)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

[hsluoyz]

In Administrator CMD, enter net start npcap and paste the result here.

[zdm]

Problem with signature

d:\downloads\111>net start npcap
System error 577 has occurred.

Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

[hsluoyz]

1. Unzip the attached signtool.zip, put signtool.exe to somewhere your CMD can find (e.g. . C:\Program Files\Npcap)
2. In CMD, cd into the C:\Program Files\Npcap path, enter signtool verify /kp /c npcap.cat npcap.sys and paste the result here.

signtool.zip

[zdm]

0 sha256 RFC3161 Successfully verified: npcap.sys

On 08.08.2016 09:29, Yang Luo wrote:

|signtool verify /kp /c npcap.cat npcap.sys|

[hsluoyz]

1. Restore the OS to the un-updated state.
2. Uninstall Npcap.
3. OS Update.
4. Install Npcap.

[zdm]

I made clean os install a day ago.

On 08.08.2016 09:55, Yang Luo wrote:

1. Restore the OS to the un-updated state.
2. Uninstall Npcap.
3. OS Update.
4. Install Npcap.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/nmap/nmap/issues/492#issuecomment-238155582, or mute the thread https://github.com/notifications/unsubscribe-auth/AA-mSBoYypoQ6McWBwnoFySitntpiegPks5qdtLHgaJpZM4JekI0.

[hsluoyz]

I have no idea what happened.. Can I get a remote access?

[zdm]

yes, do you have teamviewer?

On 08.08.2016 10:01, Yang Luo wrote:

I have no idea what happened.. Can I get a remote access?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/nmap/nmap/issues/492#issuecomment-238156601, or mute the thread https://github.com/notifications/unsubscribe-auth/AA-mSBBQxdNG9wZkONyQ80c_dbTxZfKnks5qdtRkgaJpZM4JekI0.

[hsluoyz]

Yes. You can email me the password:) hsluoyz@gmail.com

[hsluoyz]

The network connectivity is so bad. I can't even move the mouse in the remote window.

[zdm]

I don't know why, I have 100 Mb channel.

I need to go to the office now, and will be available in several hours.

So, the problem in the driver signature.

I will try to find the solution too, I already check, that your certificate is stored as trusted.

On 08.08.2016 10:48, Yang Luo wrote:

The network connectivity is so bad. I can't even move the mouse in the remote window.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/nmap/nmap/issues/492#issuecomment-238164611, or mute the thread https://github.com/notifications/unsubscribe-auth/AA-mSB2UxR32QYZ_Uez95mup17fI2hWzks5qdt9QgaJpZM4JekI0.

[zdm]

I found the article, that describes drivers signing changes in windows 10 anniversary edition.

http://www.thewindowsclub.com/driver-signing-changes-windows-10

Maybe this will helpful to solve the problem.

On 08.08.2016 10:48, Yang Luo wrote:

The network connectivity is so bad. I can't even move the mouse in the remote window.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/nmap/nmap/issues/492#issuecomment-238164611, or mute the thread https://github.com/notifications/unsubscribe-auth/AA-mSB2UxR32QYZ_Uez95mup17fI2hWzks5qdt9QgaJpZM4JekI0.

[zdm]

I think, that this requirement should be met:

"The latest version of Windows 10 will load only Kernel mode drivers signed digitally by the Dev Portal. However, the changes will affect only the new installations of the operating system with Secure Boot http://www.thewindowsclub.com/understanding-measured-boot-secure-boot-work-windows-8 on. The non-upgraded fresh installations would require drivers signed by Microsoft."

On 08.08.2016 10:48, Yang Luo wrote:

The network connectivity is so bad. I can't even move the mouse in the remote window.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/nmap/nmap/issues/492#issuecomment-238164611, or mute the thread https://github.com/notifications/unsubscribe-auth/AA-mSB2UxR32QYZ_Uez95mup17fI2hWzks5qdt9QgaJpZM4JekI0.

[hsluoyz]

Thanks! This should be the reason.

From your link here, the following 5 conditions have described what kind of Windows will be affected by this new signing rule:

1. PCs upgraded to Windows 10 Build 1607 from a previous version of Windows (for instance Windows 10 version 1511) are not affected by the change.
2. PCs without Secure Boot functionality, or Secure Boot off, are not affected either.
3. All drivers signed with cross-signing certificates that were issued prior to July 29, 2015, will continue to work.
4. Boot drivers won’t be blocked to prevent systems from failing to boot. They will be removed by the Program Compatibility Assistant, however.
5. The change affects only Windows 10 Version 1607. All previous versions of Windows are not affected.

But it's a little weird. Even the latest Npcap 0.08 r3's driver files were signed in July, 24. So according to the condition 3., Npcap driver should work without signature issues. I don't know why you encounter this issue.

Moreover, I have tried to reproduce this issue but I couldn't. I have installed a fresh Win10 1607 x64 in my VMware Workstation 12, but Npcap 0.08 r3 installs successfully. From msinfo32.exe, I saw that this VM doesn't support secure boot. But based on this post, it said that changing a registry key can "make“ msinfo32.exe believe secure boot is supported and enabled. I tried this method and it works. But I don't know if this cheating will also deceive the above condition 2. And I re-signed all the driver files to make sure the condition 3 will not be satisfied.

But why still can't reproduce this issue? It seems that the only reason is the secure boot. My secure boot cheating doesn't work. Unfortunately, I don't have an available machine for me to install Win 10 1607, so I have to use a VM here. Do you know any other ways to get a Win 10 VM with the secure boot support? Like using VirtualBox? or using a remote machine from providers like Amazon, etc.?

[hsluoyz]

A useful Q&A with Microsoft: https://www.osr.com/blog/2015/07/24/questions-answers-windows-10-driver-signing/

Windows Hardware Dev Center: https://developer.microsoft.com/en-us/windows/hardware

Windows Hardware Dev Center Dashboard: https://sysdev.microsoft.com/en-us/hardware/signup/

[zdm]

I my case everything happens, like it described in the article. I have clean windows installed and npcap driver is not loading.

[hsluoyz]

@zdm , OK. I found hyper-V supports secure boot in VMs. And I have reproduced your issue with Npcap 0.08 r4 in my VM. We will discuss about how to improve our signing method. Thanks for reporting this issue!

@fyodor , can you register an account here: https://sysdev.microsoft.com/en-us/hardware/signup/ ? So we can log in to see what's going on there.

[marlop352]

Any updates about the signing problem?

[hsluoyz]

@marlop352 , not much progress, since this seems to require an EV certificate which is much more expensive than the one we have. And our current cert still has one and a half of years to expire. So we will still use the current non-EV cert for some time. Therefore, for now, I suggest you turn off Secure Boot in your BIOS to workaround this issue.

[mhoes]

For what it's worth: I had the same behavior (but perhaps not the exact same bug) as originally reported here: after a Windows 10 Home 64-bit update (from version 1511) to the 'Anniversary Update' (version 1607 [OS Build 14393.187]), Wireshark is no longer able to identify any interfaces. But I can't tell from the previous posts here if my issue was identical to the one reported here originally. I'm running Wireshark 2.2.0, and was running Npcap 0.09-r13 when I first ran into the issue. Npcap is installed in winpcap compatibility mode.

The following resolved the issue for me:

1.) Go to the directory where npcap is installed, and uninstall by double clicking 'uninstall.exe'. 2.) Download and install npcap-0.10-r2 as usual.

[sanitybit]

@hsluoyz If you have no intention of properly signing the drivers for current builds of Windows, you shouldn't include npcap as the default in stable nmap installers for Windows.

[hsluoyz]

@sanitybit , besides the price, there's another difficulty. As you know, Npcap is open-sourced and developped in a distributed manner. But EV code signing only has one hardware key. It's hard for multiple developers at different places to do the signing concurrently.

Do you know any way to achieve EV code signing concurrently for multiple developers, like a remote signing or multiple identical hardware keys?

[BavoB]

I have the same problem, no interfaces in Wireshark + Zenmap errors out with:

"Starting Nmap 7.30 ( https://nmap.org ) at 2016-10-03 23:56 Romance Daylight Time NSE: Loaded 142 scripts for scanning. NSE: Script Pre-scanning. Initiating NSE at 23:56 Completed NSE at 23:56, 0.00s elapsed Initiating NSE at 23:56 Completed NSE at 23:56, 0.00s elapsed Initiating ARP Ping Scan at 23:56 dnet: Failed to open device eth0 QUITTING!"

System: Windows 10 x64 1607 with Secure Boot on Nmap: 7.30 release with Npcap 0.10 r5 (compatibility mode) DiagReport-20161003-235502.txt

Is this a signature problem? I noticed that when installing the latest Intel network driver, Windows complained about an unsigned driver, which was new to me. Do kernel drivers really need to be signed by an EV certificate in this version?

Thanks for any useful info.

[hsluoyz]

@BavoB , did you install Win10 x64 1607 in a brand-new system or update to it? If brand-new, then it should be the signing issue.

@fyodor @bonsaiviking , it seems that more users are complaining about this issue now..

[BavoB]

This was a clean install on a new system.

[hsluoyz]

@BavoB, Thanks for the feedback. We are already trying to solve this signing issue. For now, my suggestion would be turning off Secure Boot in the BIOS to bypass this check.

[dmiller-nmap]

@BavoB @mhoes @marlop352 @zdm @sanitybit,

We have obtained an EV code signing certificate and are in the process of figuring out how to best accomplish the Dev Portal signing in such a way that it supports all versions of Windows from 7 through 10. Since you have each experienced problems with the driver signing issue, we are asking you to help us test a couple candidate builds of the latest Npcap 0.78 r2:

First, we have built [an installer with drivers signed directly by our EV cert]. This works on earlier versions of Windows, but we have not tested yet whether it works on Windows 10 1607, which is of course the primary problem. If this works for you on the Anniversary Update, we can begin shipping installers with this configuration right away.

If that should fail, we have an installer with Microsoft Attestation-signed drivers. The drivers were cross-signed by Microsoft through the Dev Portal after we signed them with our EV cert, and will most likely work with Windows 10, any release. Unfortunately, the do NOT work with previous versions.

If the first installer (EV-only) works for Win10 1607, then we can be done. If only the second one (attestation signed) works, then we will have to multiply again the drivers we ship: SHA-1-signed for Win7, EV-signed for Win8, and attestation-signed for Win10.

Please let us know at your earliest convenience which of these installers works for you, if any.

NOTE: these URLs are not permanent. Once we get a configuration finalized, we'll remove them and you can go back to obtaining Npcap through the Github releases page.

[zdm]

I am ready for testing.

On 10.12.2016 01:51, Daniel Miller wrote:

@BavoB https://github.com/BavoB @mhoes https://github.com/mhoes @marlop352 https://github.com/marlop352 @zdm https://github.com/zdm @sanitybit https://github.com/sanitybit,

We have obtained an EV code signing certificate and are in the process of figuring out how to best accomplish the Dev Portal signing in such a way that it supports all versions of Windows from 7 through 10. Since you have each experienced problems with the driver signing issue, we are asking you to help us test a couple candidate builds of the latest Npcap 0.78 r2:

First, we have built an installer with drivers signed directly by our EV cert https://nmap.org/tmp/c/npcap-0.78-r2-ev.exe. This works on earlier versions of Windows, but we have not tested yet whether it works on Windows 10 1607, which is of course the primary problem. If this works for you on the Anniversary Update, we can begin shipping installers with this configuration right away.

If that should fail, we have an installer with Microsoft Attestation-signed drivers https://nmap.org/tmp/c/npcap-0.78-r2-attestation.exe. The drivers were cross-signed by Microsoft through the Dev Portal after we signed them with our EV cert, and will most likely work with Windows 10, any release. Unfortunately, the do NOT work with previous versions.

If the first installer (EV-only) works for Win10 1607, then we can be done. If only the second one (attestation signed) works, then we will have to multiply again the drivers we ship: SHA-1-signed for Win7, EV-signed for Win8, and attestation-signed for Win10.

Please let us know at your earliest convenience which of these installers works for you, if any.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/nmap/nmap/issues/492#issuecomment-266155235, or mute the thread https://github.com/notifications/unsubscribe-auth/AA-mSD4qnemlWZMTaao_4e1PjvZbU546ks5rGel2gaJpZM4JekI0.

[BavoB]

Only the second one (attestation signed) works!

Thank you very much, Bavo

From: Daniel Miller [mailto:notifications@github.com] Sent: zaterdag 10 december 2016 0:51 To: nmap/nmap nmap@noreply.github.com Cc: BavoB bavo.bostoen@hotmail.com; Mention mention@noreply.github.com Subject: Re: [nmap/nmap] [npcap] - wireshark stopped see adapters after windows 10 updated to "annivarsary edition" (#492)

@BavoBhttps://github.com/BavoB @mhoeshttps://github.com/mhoes @marlop352https://github.com/marlop352 @zdmhttps://github.com/zdm @sanitybithttps://github.com/sanitybit,

We have obtained an EV code signing certificate and are in the process of figuring out how to best accomplish the Dev Portal signing in such a way that it supports all versions of Windows from 7 through 10. Since you have each experienced problems with the driver signing issue, we are asking you to help us test a couple candidate builds of the latest Npcap 0.78 r2:

First, we have built an installer with drivers signed directly by our EV certhttps://nmap.org/tmp/c/npcap-0.78-r2-ev.exe. This works on earlier versions of Windows, but we have not tested yet whether it works on Windows 10 1607, which is of course the primary problem. If this works for you on the Anniversary Update, we can begin shipping installers with this configuration right away.

If that should fail, we have an installer with Microsoft Attestation-signed drivershttps://nmap.org/tmp/c/npcap-0.78-r2-attestation.exe. The drivers were cross-signed by Microsoft through the Dev Portal after we signed them with our EV cert, and will most likely work with Windows 10, any release. Unfortunately, the do NOT work with previous versions.

If the first installer (EV-only) works for Win10 1607, then we can be done. If only the second one (attestation signed) works, then we will have to multiply again the drivers we ship: SHA-1-signed for Win7, EV-signed for Win8, and attestation-signed for Win10.

Please let us know at your earliest convenience which of these installers works for you, if any.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/nmap/nmap/issues/492#issuecomment-266155235, or mute the threadhttps://github.com/notifications/unsubscribe-auth/ADg7cTm5DQ9q3g4T0YDPHCkejCKvbfpvks5rGel2gaJpZM4JekI0.

[zdm]

Win10 with secure boot enabled:

• npcap-0.78-r2-attestation.exe - works;
• npcap-0.78-r2-ev.exe - not installed, failed to create service during installation;

[mhoes]

Hi,

With the installer with drivers signed directly by your EV cert (npcap-0.78-r2-ev.exe), I got the following error twice during installation: "Failed to install the npcap service". The installer did march onwards to the end though, as if nothing bad had happened.

The installer with Microsoft Attestation-signed drivers (npcap-0.78-r2-attestation.exe) works, and afterwards capture with wireshark is possible.

Small note: During the uninstall of both of the above, the npcap loopback adapter remained installed, leaving me after installing/uninstalling both with two remaining npcap loopback adapters I had to uninstall manually through windows device manager. Both that's probably for another day and bug report.

On Sat, Dec 10, 2016 at 12:51 AM, Daniel Miller notifications@github.com wrote:

@BavoB https://github.com/BavoB @mhoes https://github.com/mhoes @marlop352 https://github.com/marlop352 @zdm https://github.com/zdm @sanitybit https://github.com/sanitybit,

We have obtained an EV code signing certificate and are in the process of figuring out how to best accomplish the Dev Portal signing in such a way that it supports all versions of Windows from 7 through 10. Since you have each experienced problems with the driver signing issue, we are asking you to help us test a couple candidate builds of the latest Npcap 0.78 r2:

First, we have built an installer with drivers signed directly by our EV cert https://nmap.org/tmp/c/npcap-0.78-r2-ev.exe. This works on earlier versions of Windows, but we have not tested yet whether it works on Windows 10 1607, which is of course the primary problem. If this works for you on the Anniversary Update, we can begin shipping installers with this configuration right away.

If that should fail, we have an installer with Microsoft Attestation-signed drivers https://nmap.org/tmp/c/npcap-0.78-r2-attestation.exe. The drivers were cross-signed by Microsoft through the Dev Portal after we signed them with our EV cert, and will most likely work with Windows 10, any release. Unfortunately, the do NOT work with previous versions.

If the first installer (EV-only) works for Win10 1607, then we can be done. If only the second one (attestation signed) works, then we will have to multiply again the drivers we ship: SHA-1-signed for Win7, EV-signed for Win8, and attestation-signed for Win10.

Please let us know at your earliest convenience which of these installers works for you, if any.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/nmap/nmap/issues/492#issuecomment-266155235, or mute the thread https://github.com/notifications/unsubscribe-auth/ANiXM0KHgp2nUwUYG2ZBEeryY-dG4FGXks5rGel2gaJpZM4JekI0 .

[zdm]

Yes, I can confirm, that Npcap loopback adapters are not uninstalled and can be removed only from devices manager.

On 10.12.2016 12:11, mhoes wrote:

Hi,

With the installer with drivers signed directly by your EV cert (npcap-0.78-r2-ev.exe), I got the following error twice during installation: "Failed to install the npcap service". The installer did march onwards to the end though, as if nothing bad had happened.

The installer with Microsoft Attestation-signed drivers (npcap-0.78-r2-attestation.exe) works, and afterwards capture with wireshark is possible.

Small note: During the uninstall of both of the above, the npcap loopback adapter remained installed, leaving me after installing/uninstalling both with two remaining npcap loopback adapters I had to uninstall manually through windows device manager. Both that's probably for another day and bug report.

On Sat, Dec 10, 2016 at 12:51 AM, Daniel Miller notifications@github.com wrote:

@BavoB https://github.com/BavoB @mhoes https://github.com/mhoes @marlop352 https://github.com/marlop352 @zdm https://github.com/zdm @sanitybit https://github.com/sanitybit,

We have obtained an EV code signing certificate and are in the process of figuring out how to best accomplish the Dev Portal signing in such a way that it supports all versions of Windows from 7 through 10. Since you have each experienced problems with the driver signing issue, we are asking you to help us test a couple candidate builds of the latest Npcap 0.78 r2:

First, we have built an installer with drivers signed directly by our EV cert https://nmap.org/tmp/c/npcap-0.78-r2-ev.exe. This works on earlier versions of Windows, but we have not tested yet whether it works on Windows 10 1607, which is of course the primary problem. If this works for you on the Anniversary Update, we can begin shipping installers with this configuration right away.

If that should fail, we have an installer with Microsoft Attestation-signed drivers https://nmap.org/tmp/c/npcap-0.78-r2-attestation.exe. The drivers were cross-signed by Microsoft through the Dev Portal after we signed them with our EV cert, and will most likely work with Windows 10, any release. Unfortunately, the do NOT work with previous versions.

If the first installer (EV-only) works for Win10 1607, then we can be done. If only the second one (attestation signed) works, then we will have to multiply again the drivers we ship: SHA-1-signed for Win7, EV-signed for Win8, and attestation-signed for Win10.

Please let us know at your earliest convenience which of these installers works for you, if any.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/nmap/nmap/issues/492#issuecomment-266155235, or mute the thread

https://github.com/notifications/unsubscribe-auth/ANiXM0KHgp2nUwUYG2ZBEeryY-dG4FGXks5rGel2gaJpZM4JekI0 .

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/nmap/nmap/issues/492#issuecomment-266197318, or mute the thread https://github.com/notifications/unsubscribe-auth/AA-mSPd4xt6cJsIEQD6vSTDxoeLx6cLsks5rGnq9gaJpZM4JekI0.

[hsluoyz]

@mhoes @zdm , I have fixed this Npcap loopback adapters are not uninstalled issue in latest Npcap 0.78 r4.

Please try the installer at: https://github.com/nmap/npcap/releases

Note: this version still doesn't support Win10 1607 with Secure Boot on. Only the Microsoft Attestation-signed version Npcap released by Dan supports it.

[marlop352]

0.78 r2-ev does not work(fails to create services)

0.78 r2-atestation works

with 0.78 r4 windows gives an error after installation saying that it blocked the installation of a driver not digitally signed

[hsluoyz]

@marlop352 , Npcap 0.78 r4 still doesn't support Win10 1607 with Secure Boot on. Only the Microsoft Attestation-signed version Npcap released by Dan supports it. You can wait for Dan to release a 0.78 r4 version.

[marlop352]

@hsluoyz thought so, reported it because the error was different from what I remember happening when using the normal installer

I don't know how you generate the installer of how this specific one works, but can't it have the two types of binaries(normal and attestation) and choose which to use by detecting what system it's been run from?

[BavoB]

Hallo,

OK to recap: with secure boot on a fresh install of Win10 x64 v1607: only driver’s signed by EV cert of software vendor (you guys) + cross-signed by MS (attestation) will work. For kernel drivers this will probably always be the case going forward.

As I think running Win10 without secure boot is pointless, even more so in the near future (a lot of features seem to build on it), please make it straightforward to download the version we need + also when integrated into Nmap. Probably for Nmap distribution it only makes sense to include the ‘attested’ version, as that would work on all systems, also downlevel (win8.1-win7): am I correct?

Finally another (small) related problem which I will mention for completeness sake: I also run Hyper-V (not sure if this fact is related, probably not) but if I install a new NPCAP version over the previous one - I never bother to uninstall manually - then each install adds a new LAN adapter: they are called Ethernet2, 3, 4 etc, but in the details tab of the properties “NPCAP Loopback Adapter” is mentioned in the description field. This is probably the same (or very related) problem, in that the installer doesn’t do a cleanup as part of the new install, or else there is an uninstall routine included but it did not work. So the old adapters are renamed to Ethernet2, 3 etc, to make room for the ‘new’ one…

Best, Bavo

From: Yang Luo [mailto:notifications@github.com] Sent: zondag 11 december 2016 3:29 To: nmap/nmap nmap@noreply.github.com Cc: BavoB bavo.bostoen@hotmail.com; Mention mention@noreply.github.com Subject: Re: [nmap/nmap] [npcap] - wireshark stopped see adapters after windows 10 updated to "annivarsary edition" (#492)

@marlop352https://github.com/marlop352 , Npcap 0.78 r4 still doesn't support Win10 1607 with Secure Boot on. Only the Microsoft Attestation-signed version Npcap released by Dan supports it. You can wait for Dan to release a 0.78 r4 version.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/nmap/nmap/issues/492#issuecomment-266256426, or mute the threadhttps://github.com/notifications/unsubscribe-auth/ADg7cVuY7x9RJuPa0ANuwWnC_-ydj729ks5rG1_RgaJpZM4JekI0.

[BavoB]

1. FINAL REMARK: the adapters are called Ethernet2, 3, 4 in the ‘Network & sharing Center’ and ‘Network connections’ windows. In device manager they are however all called identically “NPCAP Loopback Adapter” ==> they also have the same driver version 10.0.14393.0 ; so I don’t really know which one I can safely uninstall.
2. I’m getting marked as spam by GitHub for some reason, but I’m legit (I swear ;-) Best, Bavo

=========================== Hallo,

OK to recap: with secure boot on a fresh install of Win10 x64 v1607: only driver’s signed by EV cert of software vendor (you guys) + cross-signed by MS (attestation) will work. For kernel drivers this will probably always be the case going forward.

As I think running Win10 without secure boot is pointless, even more so in the near future (a lot of features seem to build on it), please make it straightforward to download the version we need + also when integrated into Nmap. Probably for Nmap distribution it only makes sense to include the ‘attested’ version, as that would work on all systems, also downlevel (win8.1-win7): am I correct?

Finally another (small) related problem which I will mention for completeness sake: I also run Hyper-V (not sure if this fact is related, probably not) but if I install a new NPCAP version over the previous one - I never bother to uninstall manually - then each install adds a new LAN adapter: they are called Ethernet2, 3, 4 etc, but in the details tab of the properties “NPCAP Loopback Adapter” is mentioned in the description field. This is probably the same (or very related) problem, in that the installer doesn’t do a cleanup as part of the new install, or else there is an uninstall routine included but it did not work. So the old adapters are renamed to Ethernet2, 3 etc, to make room for the ‘new’ one…

Best, Bavo

From: Yang Luo [mailto:notifications@github.com] Sent: zondag 11 december 2016 3:29 To: nmap/nmap nmap@noreply.github.com Cc: BavoB bavo.bostoen@hotmail.com; Mention mention@noreply.github.com Subject: Re: [nmap/nmap] [npcap] - wireshark stopped see adapters after windows 10 updated to "annivarsary edition" (#492)

@marlop352https://github.com/marlop352 , Npcap 0.78 r4 still doesn't support Win10 1607 with Secure Boot on. Only the Microsoft Attestation-signed version Npcap released by Dan supports it. You can wait for Dan to release a 0.78 r4 version.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/nmap/nmap/issues/492#issuecomment-266256426, or mute the threadhttps://github.com/notifications/unsubscribe-auth/ADg7cVuY7x9RJuPa0ANuwWnC_-ydj729ks5rG1_RgaJpZM4JekI0.

[dmiller-nmap]

Everyone,

Sorry for the confusion. I had a misconfiguration that caused our EV-signed drivers to not validate, so they were not working on any system. Now they work on Windows 8 at least, and I would appreciate a test with Windows 10 1607. Here is the download link for Npcap 0.78 r4, EV cert.