IBM Support

Windows Server 2012 R2 may report a warning about a TDI filter when using Guardium V9 S-TAP for Windows with the LhmonProxy driver

Troubleshooting


Problem

When using Guardium V9 S-TAP for Windows on Windows Server 2012 R2, why do I see the following warning in the Windows Event Log: A TDI filter (\Driver\LhmonProxy) was detected. This filter has not been certified by Microsoft and may cause system instability.

Symptom

The following warning message might appear in the Windows Event Log after Guardium V9 S-TAP for Windows is installed. We observed this message in a Windows Server 2012 R2 environment:
Event[n]:
Log Name: System
Source: AFD
Date: 2016-11-12 13:55:23.465
Event ID: 16001
Task: N/A
Level: Warning
Opcode: N/A
Keyword: Classic
User: N/A
User Name: N/A
Computer: xxxxxxxx.xxx.xxx.xxx
Description:
A TDI filter (\Driver\LhmonProxy) was detected. This filter has not been certified by Microsoft and may cause system instability.

Cause

This warning message is generated by Microsoft, and it can apply to all TDI-based drivers. Our LhmonProxy driver is a TDI-based driver, so it is normal to see this warning when the LhmonProxy driver is in use.

Environment

This warning message can occur when the LhmonProxy driver is installed as part of Windows S-TAP V9. Note that Windows S-TAP V10 uses the WFP driver instead of the LhmonProxy driver, so this problem does not occur with V10.

Resolving The Problem

The solution to avoid this warning message is to use the WFP driver:
Switch from LhmonProxy driver to WFP driver
How to install Windows STAP V9 with WFP driver
Guardium STAP: How to switch from LHMON to WFP Driver on Windows
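
To check which drivers the AFD 16001 warning names in a System log export (for example, to confirm that LhmonProxy is the only TDI filter reported, or that it no longer appears after the switch to WFP), the following added example parses the "Event[n]:" text layout shown above. It is not IBM or Guardium code; it assumes the export comes from something like `wevtutil qe System /f:text`, and the sample records, the function names and the `\Driver\ExampleFilter` name are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the "Event[n]:" layout shown on this page. Only the
# LhmonProxy description is quoted from the page; the rest is made up.
SAMPLE = r"""Event[0]:
  Log Name: System
  Source: AFD
  Date: 2016-11-12 13:55:23.465
  Event ID: 16001
  Level: Warning
  Description:
A TDI filter (\Driver\LhmonProxy) was detected. This filter has not been certified by Microsoft and may cause system instability.

Event[1]:
  Log Name: System
  Source: Service Control Manager
  Event ID: 7036
  Level: Information
  Description:
The Example service entered the running state.

Event[2]:
  Log Name: System
  Source: AFD
  Event ID: 16001
  Level: Warning
  Description:
A TDI filter (\Driver\ExampleFilter) was detected. This filter has not been certified by Microsoft and may cause system instability.
"""

TDI_RE = re.compile(r"A TDI filter \((\\Driver\\[^)]+)\) was detected")
FIELD_RE = re.compile(r"(?m)^\s*([A-Za-z ]+?):[ \t]*(\S.*)$")

def tdi_filters(text):
    """Count the TDI filter drivers named in AFD event 16001 records."""
    found = Counter()
    # Each record starts with an "Event[n]:" header line.
    for record in re.split(r"(?m)^Event\[\d+\]:\s*$", text):
        fields = {k: v.strip() for k, v in FIELD_RE.findall(record)}
        if fields.get("Source") == "AFD" and fields.get("Event ID") == "16001":
            m = TDI_RE.search(record)
            if m:
                found[m.group(1)] += 1
    return found

def unexpected(found, expected=(r"\Driver\LhmonProxy",)):
    """Drivers reported as TDI filters that are not in the expected set."""
    return sorted(set(found) - set(expected))
```

An empty result from `tdi_filters` on an export taken after the driver switch means the log no longer carries the warning; a non-empty result from `unexpected` names a TDI filter other than LhmonProxy.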


Document Information

Modified date:
16 June 2018

UID

swg21995533