Multiple UAC requests when starting/using Wireshark with Npcap's "Admin-only" mode ON

[Yang Luo <hsluoyb () gmail com>]

Hi list,

I recently got an issue about Npcap's Admin-only mode. It's actually a
pretty old question:

I updated to the latest available release (Npcap 0.07 r17) and checked the
> option to only allow > admin user to use it. When starting Wireshark, I had
> about 10 requests one after the other from UAC for NPcapHelper. Every time
> capture is started, it also pops up.
> It would be great if there was no more than a single request.


This is because Npcap will prompt a UAC window for every Npcap's DLL
loading. And Wireshark invokes multiple times of dumpcap.exe, which loads
Npcap's DLLs (wpcap.dll, Packet.dll).

It seems that in Linux there's a special user or a group that is permitted
to do the capturing. And Wireshark can run under that user/group. But on
Windows, the convention is using UAC window to do the privilege escalation.
So we can't copy Linux's solution here. I wonder is there any other way to
solve this? Like the Wireshark GUI only uses one dumpcap.exe instance
during its lifecycle?


Cheers,
Yang

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe