IBM Support

How to install Windows STAP V9 with WFP driver

Question & Answer


Question

Recent revisions of Windows STAP V9 include a WFP driver, but the driver cannot be selected during GUI installation. How do I install Windows STAP V9 with the WFP driver?

Cause

Windows STAP V10 uses the WFP driver, but V9 does not use it by default, even in the latest revision. Installing Windows STAP V9 with the WFP driver requires a special procedure.

Answer

If Windows S-TAP is already installed on the system, uninstall it and reboot before the installation so that all of its drivers are cleared from the system.

First prepare a text file that stores tap_ip (the DB server IP) and sqlguard_ip (the collector's IP), then run the Windows STAP V9 installer from a command prompt instead of the GUI. The detailed steps follow.

1. Download the latest revision of Windows STAP V9.

    For example, r81669 is the latest as of Nov. 16, 2015.


2. Create a file that contains the DB server IP and the collector's IP.
    Here is an example.

    C:\tmp>type a.txt
    windowshostname xxx.xxx.xxx.xxx yyyy.yyy.yyy.yyy
    C:\tmp>
    Here "windowshostname" is a pre-defined name, followed by the DB server IP (xxx.xxx.xxx.xxx) and the collector's IP (yyyy.yyy.yyy.yyy).


3. Run Windows STAP V9 setup.exe with parameters like this.
    C:\tmp>cd Windows_Stap_r81669_Installer

    C:\tmp\Windows_Stap_r81669_Installer>setup /s /z"windowshostname;C:\Program Files (x86)\IBM\GUARDIUM_STAP;c:\tmp\a.txt; WFP=1 LHMON=0 NamedPipes=1 START=1"

    C:\tmp\Windows_Stap_r81669_Installer>

    Make sure that you defined windowshostname in step 1, and that you specify the file with its full path (c:\tmp\a.txt) when you run setup.exe.

    The above example installs Windows STAP into the "C:\Program Files (x86)\IBM\GUARDIUM_STAP" directory, which is the default installation directory.

    Note that the setup.exe command returns quickly while the actual installer keeps running in the background. You can check the installation status by viewing c:\guardiumStapLog.txt.

4. (Optional) After the installation, open a Windows command prompt and run "driverquery | findstr WfpMonitor" to confirm that the driver is loaded.
    C:\>driverquery | findstr WfpMonitor
    WfpMonitor Security Guardium Wind Kernel 7/29/2015 12:20:38 PM

    C:\>


[NOTE] The WFP driver supports Windows 2008 SP2 or later (which includes Windows 2008 R2). It does not support Windows 2003 or Windows 2008 (non-SP2, non-R2).
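
Steps 2 to 4 and the OS check from the note, combined into one PowerShell script. This is an added example, not IBM's code: the IP addresses are constructed samples, the 10-minute timeout is an assumption, and it assumes an elevated session with any earlier S-TAP already uninstalled and the system rebooted.

```powershell
# Added example: parameter defaults mirror the technote; IPs are constructed samples.
param(
    [string]$InstallerDir = 'C:\tmp\Windows_Stap_r81669_Installer',
    [string]$HostName     = 'windowshostname',
    [string]$TapIp        = '192.0.2.10',   # DB server IP (constructed sample)
    [string]$CollectorIp  = '192.0.2.20',   # collector IP (constructed sample)
    [string]$AnswerFile   = 'C:\tmp\a.txt',
    [string]$InstallDir   = 'C:\Program Files (x86)\IBM\GUARDIUM_STAP',
    [string]$LogFile      = 'C:\guardiumStapLog.txt'
)
$ErrorActionPreference = 'Stop'

# The WFP driver needs Windows 2008 SP2 (version 6.0.6002) or later.
if ([Environment]::OSVersion.Version -lt [version]'6.0.6002') {
    throw 'The WFP driver is not supported on this Windows version.'
}

# Reject unparsable addresses before they reach the answer file.
foreach ($ip in $TapIp, $CollectorIp) {
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($ip, [ref]$parsed)) {
        throw "Invalid IP address: $ip"
    }
}

# Step 2: answer file with "<name> <DB server IP> <collector IP>" on one line.
Set-Content -Path $AnswerFile -Value "$HostName $TapIp $CollectorIp" -Encoding ASCII

# Step 3: silent install with the /z string from the technote (full path to the file).
$z = "$HostName;$InstallDir;$AnswerFile; WFP=1 LHMON=0 NamedPipes=1 START=1"
Start-Process -FilePath (Join-Path $InstallerDir 'setup.exe') `
    -WorkingDirectory $InstallerDir -ArgumentList "/s /z`"$z`""

# Step 4: setup.exe returns before the install finishes, so poll for the driver.
$deadline = (Get-Date).AddMinutes(10)   # timeout is an assumption
do {
    Start-Sleep -Seconds 15
    $loaded = driverquery | Select-String -SimpleMatch 'WfpMonitor'
} until ($loaded -or ((Get-Date) -gt $deadline))

if ($loaded) {
    "WfpMonitor loaded: $loaded"
} else {
    Write-Warning "WfpMonitor not listed; last lines of ${LogFile}:"
    if (Test-Path $LogFile) { Get-Content $LogFile | Select-Object -Last 20 }
}
```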


Document Information

Modified date:
16 June 2018

UID

swg21971078