Question & Answer
Question
IBM Security Guardium uses the LHMON driver to collect data for all v8.2 STAPs. The v9 STAPs can use the newer WFP driver instead, but this is not installed by default. How can I enable the WFP driver on an existing v9 STAP agent?
Cause
IBM Technical Support recommends using the newer WFP driver wherever possible, especially if you encounter performance or stability issues using the older LHMON driver.
Answer
NOTE:
- The WFP driver is installed automatically for all v10 STAP agents. Simply upgrade to a v10 STAP.
- WFP is supported on Windows 2008 SP2 and above. (This includes R2.) Do not use the WFP driver with earlier versions of Windows.
1. Open a command prompt. Run cmd.exe as administrator.

    C:\Users\Administrator>cd "C:\Program Files (x86)\Guardium\GUARDIUM_STAP"
    C:\Program Files (x86)\Guardium\GUARDIUM_STAP>WfpInstall.exe install
    C:\Program Files (x86)\Guardium\GUARDIUM_STAP>lhmon_uninstall.exe
    SUCCESS
    Deleting: C:\Windows\system32\drivers\lhmon.sys
    SUCCESS
    Deleting: C:\Windows\system32\drivers\lhmonproxy.sys

2. START - All Programs - IBM Guardium STAP - Configuration file (open the guard_tap.ini file)
3. Edit guard_tap.ini as follows:

    [TAP]
    LHMON_DRIVER_INSTALLED=0
    WFP_DRIVER_INSTALLED=1

4. Reboot the system.
5. Open another command prompt and verify the expected driver is loaded.

    C:\Users\Administrator>sc query wfpmonitor
    SERVICE_NAME: wfpmonitor
    TYPE : 1 KERNEL_DRIVER
    STATE : 4 RUNNING
    (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    C:\Users\Administrator>sc query lhmonproxy
    [SC] EnumQueryServicesStatus:OpenService FAILED 1060:
    The specified service does not exist as an installed service.
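
A check for the end state of steps 3 and 5, as an added example that is not IBM's code: it parses the text of guard_tap.ini and the output of the two sc query commands and lists anything that does not match the expected result. The sample strings are constructed from the output shown above, and the function names are hypothetical.

```python
import re

# Constructed samples modelled on steps 3 and 5 (not captured from a real host).
SAMPLE_WFP = """SERVICE_NAME: wfpmonitor
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 4  RUNNING
"""
SAMPLE_LHMON = """[SC] EnumQueryServicesStatus:OpenService FAILED 1060:

The specified service does not exist as an installed service.
"""
SAMPLE_INI = """[TAP]
LHMON_DRIVER_INSTALLED=0
WFP_DRIVER_INSTALLED=1
"""

def driver_state(sc_output):
    """Return the STATE word (RUNNING, STOPPED, ...), ABSENT on error 1060, else UNKNOWN."""
    if re.search(r"FAILED\s+1060\b", sc_output):
        return "ABSENT"
    m = re.search(r"^\s*STATE\s*:\s*\d+\s+(\w+)", sc_output, re.MULTILINE)
    return m.group(1) if m else "UNKNOWN"

def tap_settings(ini_text):
    """Collect key=value pairs from the [TAP] section only."""
    section, found = None, {}
    for raw in ini_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().upper()
        elif section == "TAP" and "=" in line:
            key, value = line.split("=", 1)
            found[key.strip().upper()] = value.strip()
    return found

def check_switch(wfp_sc, lhmon_sc, ini_text):
    """Return a list of problems; an empty list means the switch to WFP is complete."""
    problems = []
    tap = tap_settings(ini_text)
    if tap.get("WFP_DRIVER_INSTALLED") != "1":
        problems.append("guard_tap.ini: WFP_DRIVER_INSTALLED is not 1")
    if tap.get("LHMON_DRIVER_INSTALLED") != "0":
        problems.append("guard_tap.ini: LHMON_DRIVER_INSTALLED is not 0")
    if driver_state(wfp_sc) != "RUNNING":
        problems.append("wfpmonitor is %s, expected RUNNING" % driver_state(wfp_sc))
    if driver_state(lhmon_sc) != "ABSENT":
        problems.append("lhmonproxy is %s, expected ABSENT" % driver_state(lhmon_sc))
    return problems

if __name__ == "__main__":
    print(check_switch(SAMPLE_WFP, SAMPLE_LHMON, SAMPLE_INI) or "OK")
```

To use it on a host, redirect the output of each sc query command to a file and pass the file contents, together with the contents of guard_tap.ini, to check_switch.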
Document Information
Modified date:
16 June 2018
UID
swg21993028