For security reasons I was using Wireshark (it was v2.4.x) as following: 1) Run WinPcap manually: from admin console it is command: net start npf 2) Run Wireshark GUI app from dedicated restricted account. It's a normal user account, not an admin account, and this account is allowed to write only to Wireshark's profile in filesystem via NTFS permissions. So, if protocol dissector would be affected by malicious packets, the Wireshark never change/infect the filesystem (or, at least it becomes much more hard). The command is: start runas /user:Wireshark "Wireshark.exe" Alternatively, Shift + Context menu -> Run as different user with subsecuent account data entering does the same. 3) After working session close Wireshark GUI app. 4) Close WinPcap manually: from admin console it is command: net stop npf
This scenario worked fine. But now with Wireshark v3.0.x in the same scenario Wireshark sees no network interfaces both with Npcap and WinPcap, like a case when the capture driver is not started at all.
Notably, that if login (at Windows logon screen) with that dedicated account, all works fine. So, the problem with "runas" command (Shift + Context menu -> Run as different user has the same wrong behaviour).
Does someone know more about it?
Thanks in advance.