Data Loss Prevention

 View Only
Back to discussions
Expand all | Collapse all

Just about every day PacketCapture.exe faults and then is followed by a string of NtxDrv errors

  • 1.  Just about every day PacketCapture.exe faults and then is followed by a string of NtxDrv errors

    Posted Sep 03, 2013 04:03 PM

    We have DLP 11.6.2 set up on a Win Server 2008 R2 64 bit box.  Originally we were going to use Endace cards until we found out they weren't supported and so switched to the napatech cards.  Pretty much since we got these boxes up and running a few months ago on the one of our two monitor boxes we've been getting PacketCapture faulting followed by a string of 4 - 7 NtxDrv errors.  Googling it doesn't reveal anything and I thought it might've been that we still had the Endace drivers installed but they're gone so there goes that theory.  Anyone have any idea what NtxDrv is?



  • 2.  RE: Just about every day PacketCapture.exe faults and then is followed by a string of NtxDrv errors

    Posted Sep 04, 2013 11:59 AM

    Hi,

    I believe we have the driver version 4.22c ?? which ships with current Napatech packet capture cards has not been fully qualified with DLP 11.6x or lower product versions. The Windows Device Manager will show the driver version as 4.22.2.0 from the Network Connection Properties menu.  Using the latest 4.22c driver may result in unexpected behavior such as issues detecting network traffic or Windows system event errors. The recommendation is to use the certified 4.22 driver for DLP 11.6x and earlier versions of Network Monitor. Currently the 4.22c driver version for Napatech cards has been fully qualified for the 12.x version of DLP.

     

    Thanks



  • 3.  RE: Just about every day PacketCapture.exe faults and then is followed by a string of NtxDrv errors

    Posted Sep 04, 2013 12:34 PM

    Whereas device manager does show our driver as Napatech, 5/13/2011, Ver 4.22.2.0 we have not had any issues as of today though it is definetly something to know and keep an eye on.  It is more the issue that packetcapture.exe restarts and then, according to the enforce console, goes looking for the Endace DAG drivers.  This then translates in the eventvwr to the packet capture falters and then NtxDrv errors that seem to correspond to the box trying to load the Endace drivers which were uninstalled.  Not sure what I'm missing.  Is there a path somewhere that needs to be changed?  And what is the certified 4.22 driver for DLP 11.6.2?

     

     



  • 4.  RE: Just about every day PacketCapture.exe faults and then is followed by a string of NtxDrv errors

    Posted Sep 04, 2013 05:23 PM

    Yes, 4.22 should be fine for DLP 11.6.2.