Hi all
If you install Wireshark on a Windows 10 computer, you will also have NPcap installed, as a Windows Driver, in order to do the actual capturing of data, for Wireshark to process and display.
Now as long as you yourself run Wireshark, and use it, then it's great that Npcap is installed on the computer, and running on it.
The problem is that after you finish using Wireshark (for that day), Npcap remains installed, and remains enabled as a Driver. This means that any other software, can use it, and very easily capture your data.
Now generally program don't do that, but a malicious one can use that to its advantage.
So my question: Is there a way to have Npcap installed, yet Locked most of the time, so eventho it's installed, no-one can use it to capture data on that computer, and then, only when you, the person who installed it (and locked it) want to use it, you will temporarily unlock it, which means it will capture data and Wireshark will get it, and then once done for that day, Lock it back.
Does such a feature exist? Or if not, is there anything similar that can be used to achieve the same goal?
Thank you