Unable to install - Failed to create the npcap service: 0xe0000247 #233

Closed
davepalmeruk opened this issue Sep 8, 2020 · 26 comments

@davepalmeruk

davepalmeruk commented Sep 8, 2020

Hi there.

As part of OEM usage our contact is attempting to silent install 0.9983 which fails (this way allows npcap to show as installed in Apps/Features, yet the setupapi.dev log still shows a cert install failure). As part of troubleshooting we've moved to the latest version 0.9997 via the GUI installer to attempt forward fixing and troubleshooting. As a baseline install of 0.9997 via installer .exe was also attempted on a new, previously not installed host.

The installation fails on existing or new servers and provides an exception error and continued events in the setupapi.dev log. The client is running on Win Server 2012 R2 with admin rights.

npcap - failed to create service
setupapi.dev.txt

@dmiller-nmap
Contributor

Thanks for this report. This error indicates a signature validation problem. Can you run the following PowerShell commands on the affected system? The files will be present while the error message box is shown, but they will be deleted after you click "OK," so the commands must be run while the error message box is still present.

Get-AuthenticodeSignature "C:\Program Files\Npcap\npcap.cat" | select *
Get-AuthenticodeSignature "C:\Program Files\Npcap\npcap.sys" | select *

@davepalmeruk
Author

I have requested this be run in PowerShell whilst the error is present - will return the info as soon as I'm provided the outputs.

@davepalmeruk
Author

davepalmeruk commented Sep 15, 2020

OUTPUT OF “Get-AuthenticodeSignature "C:\Program Files\Npcap\npcap.cat" | select *”
PS C:\Users\xxxxxx> Get-AuthenticodeSignature "C:\Program Files\Npcap\npcap.cat" | select *

SignerCertificate : [Subject]
                       CN=Insecure.Com LLC, O=Insecure.Com LLC, L=Seattle, S=Washington, C=US,
                       SERIALNUMBER=200010310013, OID.2.5.4.15=Private Organization,
                       OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US

                     [Issuer]
                       CN=DigiCert EV Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

                     [Serial Number]
                       0EA33B42058F115CF22CAD9A60251ED4

                     [Not Before]
                       01/05/2020 01:00:00

                     [Not After]
                       07/05/2021 13:00:00

                     [Thumbprint]
                       29BACAE898852AAB0BB9162881053B703B9D1005

TimeStamperCertificate : [Subject]
                       CN=DigiCert Timestamp Responder, O=DigiCert, C=US

                     [Issuer]
                       CN=DigiCert Assured ID CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

                     [Serial Number]
                       03019A023AFF58B16BD6D5EAE617F066

                     [Not Before]
                       22/10/2014 01:00:00

                     [Not After]
                       22/10/2024 01:00:00

                     [Thumbprint]
                       614D271D9102E30169822487FDE5DE00A352B01D

Status : UnknownError
StatusMessage : A certificate chain could not be built to a trusted root authority
Path : C:\Program Files\Npcap\npcap.cat
SignatureType : Authenticode
IsOSBinary : False

OUTPUT OF “Get-AuthenticodeSignature "C:\Program Files\Npcap\npcap.sys" | select *”
PS C:\Users\xxxxx> Get-AuthenticodeSignature "C:\Program Files\Npcap\npcap.sys" | select *

SignerCertificate : [Subject]
                       CN=Insecure.Com LLC, O=Insecure.Com LLC, L=Seattle, S=Washington, C=US,
                       SERIALNUMBER=200010310013, OID.2.5.4.15=Private Organization,
                       OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US

                     [Issuer]
                       CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US

                     [Serial Number]
                       09256314069E7E6A88CB823075C0D9C9

                     [Not Before]
                       01/05/2020 01:00:00

                     [Not After]
                       07/05/2021 13:00:00

                     [Thumbprint]
                       4CE89794FE2D2F7E30121F10BCF76AC3CCF77CA9

TimeStamperCertificate : [Subject]
                       CN=TIMESTAMP-SHA256-2019-10-15, O="DigiCert, Inc.", C=US

                     [Issuer]
                       CN=DigiCert SHA2 Assured ID Timestamping CA, OU=www.digicert.com, O=DigiCert Inc, C=US

                     [Serial Number]
                       04CD3F8568AE76C61BB0FE7160CCA76D

                     [Not Before]
                       01/10/2019 01:00:00

                     [Not After]
                       17/10/2030 01:00:00

                     [Thumbprint]
                       0325BD505EDA96302DC22F4FA01E4C28BE2834C5

Status : UnknownError
StatusMessage : A certificate chain could not be built to a trusted root authority
Path : C:\Program Files\Npcap\npcap.sys
SignatureType : Authenticode
IsOSBinary : False

@davepalmeruk
Author

davepalmeruk commented Sep 15, 2020

In the meantime I have also asked the contact to provide the below to be attached for our internal support ticket. Happy to provide a copy of them here too.

  1. DiagReport - Run C:\Program Files\Npcap\DiagReport.bat. It will pop up a text report via Notepad (it's stored in: C:\Program Files\Npcap\DiagReport.txt)
  2. install.log - The file called install.log under C:\Program Files\Npcap

Additionally the setupapi.dev log includes the line:
!!! sig: Driver package catalog file certificate does not chain to a root, and Code Integrity is enforced.

So asked to check the event viewer results for any related Code Integrity logs which may also help us.
Application and Services logs > Microsoft > Windows > CodeIntegrity

@davepalmeruk
Author

Is there any update on this issue, or anything further we can provide to assist?
This issue has stopped the installation/use of the monitoring product which utilises NPCAP until resolved.

@dmiller-nmap
Contributor

@davepalmeruk We did make a change to driver signing in Npcap 1.00 which I neglected to put into the changelog: instead of dual-signing with SHA-1 and SHA-256 for all platforms, we now separately sign the driver for Windows 7 with SHA-1 only, and the drivers for all other platforms are signed with SHA-256. This eliminates a weird case of signature mismatch because the npcap.cat file only supports 1 signature at a time, so Npcap 0.9997 and earlier had to use SHA-1 regardless of whether SHA-256 is supported on the system (which it is for all Microsoft-supported Windows versions).

All that to say, please try Npcap 1.00 and see if that resolves the problem.

@ttimasdf

ttimasdf commented Jan 5, 2021

Still having this problem on Windows 10 Pro 2004. Tried both the 1.1.0 and 0.9997 versions without luck.

@davepalmeruk
Author

Same - Customer has tried to install v1.0 and still gets a failure message.
MicrosoftTeams-image

@davepalmeruk
Author

See the setup log from the failed attempt (15th Dec - v1.0)

[SetupCopyOEMInf - C:\Program Files\Npcap\NPCAP.inf]
Section start 2020/12/15 13:37:18.714
cmd: "C:\Program Files\Npcap\NPFInstall.exe" -n -i
sto: {Setup Import Driver Package: C:\Program Files\Npcap\NPCAP.inf} 13:37:18.714
inf: Provider: Nmap Project
inf: Class GUID: {4D36E974-E325-11CE-BFC1-08002BE10318}
inf: Driver Version: 09/25/2020,10.35.51.668
inf: Catalog File: npcap.cat
sto: {Copy Driver Package: C:\Program Files\Npcap\NPCAP.inf} 13:37:18.714
sto: Driver Package = C:\Program Files\Npcap\NPCAP.inf
sto: Flags = 0x00000007
sto: Destination = C:\Users<user-removed>\AppData\Local\Temp{7a7bbc3b-345f-1f47-bbaa-ef41b07cfe33}
sto: Copying driver package files to 'C:\Users<user-removed>\AppData\Local\Temp{7a7bbc3b-345f-1f47-bbaa-ef41b07cfe33}'.
flq: Copying 'C:\Program Files\Npcap\npcap.cat' to 'C:\Users<user-removed>\AppData\Local\Temp{7a7bbc3b-345f-1f47-bbaa-ef41b07cfe33}\npcap.cat'.
flq: Copying 'C:\Program Files\Npcap\NPCAP.inf' to 'C:\Users<user-removed>\AppData\Local\Temp{7a7bbc3b-345f-1f47-bbaa-ef41b07cfe33}\NPCAP.inf'.
flq: Copying 'C:\Program Files\Npcap\npcap.sys' to 'C:\Users<user-removed>\AppData\Local\Temp{7a7bbc3b-345f-1f47-bbaa-ef41b07cfe33}\npcap.sys'.
sto: {Copy Driver Package: exit(0x00000000)} 13:37:18.761
pol: {Driver package policy check} 13:37:18.870
pol: {Driver package policy check - exit(0x00000000)} 13:37:18.870
sto: {Stage Driver Package: C:\Users<user-removed>\AppData\Local\Temp{7a7bbc3b-345f-1f47-bbaa-ef41b07cfe33}\NPCAP.inf} 13:37:18.870
inf: {Query Configurability: C:\Users<user-removed>\AppData\Local\Temp{7a7bbc3b-345f-1f47-bbaa-ef41b07cfe33}\NPCAP.inf} 13:37:18.886
inf: Driver package 'NPCAP.inf' is configurable.
inf: {Query Configurability: exit(0x00000000)} 13:37:18.886
flq: Copying 'C:\Users<user-removed>\AppData\Local\Temp{7a7bbc3b-345f-1f47-bbaa-ef41b07cfe33}\npcap.cat' to 'C:\Windows\System32\DriverStore\Temp{47ea7fc2-9140-554f-8652-0a3a0044907b}\npcap.cat'.
flq: Copying 'C:\Users<user-removed>\AppData\Local\Temp{7a7bbc3b-345f-1f47-bbaa-ef41b07cfe33}\NPCAP.inf' to 'C:\Windows\System32\DriverStore\Temp{47ea7fc2-9140-554f-8652-0a3a0044907b}\NPCAP.inf'.
flq: Copying 'C:\Users<user-removed>\AppData\Local\Temp{7a7bbc3b-345f-1f47-bbaa-ef41b07cfe33}\npcap.sys' to 'C:\Windows\System32\DriverStore\Temp{47ea7fc2-9140-554f-8652-0a3a0044907b}\npcap.sys'.
sto: {DRIVERSTORE IMPORT VALIDATE} 13:37:18.902
sig: {_VERIFY_FILE_SIGNATURE} 13:37:18.917
sig: Key = NPCAP.inf
sig: FilePath = C:\Windows\System32\DriverStore\Temp{47ea7fc2-9140-554f-8652-0a3a0044907b}\NPCAP.inf
sig: Catalog = C:\Windows\System32\DriverStore\Temp{47ea7fc2-9140-554f-8652-0a3a0044907b}\npcap.cat
! sig: Verifying file against specific (valid) catalog failed! (0x800b0109)
! sig: Error 0x800b0109: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
sig: {_VERIFY_FILE_SIGNATURE exit(0x800b0109)} 13:37:18.949
sig: {_VERIFY_FILE_SIGNATURE} 13:37:18.949
sig: Key = NPCAP.inf
sig: FilePath = C:\Windows\System32\DriverStore\Temp{47ea7fc2-9140-554f-8652-0a3a0044907b}\NPCAP.inf
sig: Catalog = C:\Windows\System32\DriverStore\Temp{47ea7fc2-9140-554f-8652-0a3a0044907b}\npcap.cat
! sig: Verifying file against specific Authenticode(tm) catalog failed! (0x800b010a)
! sig: Error 0x800b010a: A certificate chain could not be built to a trusted root authority.
sig: {_VERIFY_FILE_SIGNATURE exit(0x800b010a)} 13:37:18.964
!!! sig: Driver package catalog file certificate does not chain to a root, and Code Integrity is enforced.
!!! sig: Driver package failed signature validation. Error = 0xE0000247
sto: {DRIVERSTORE IMPORT VALIDATE: exit(0xe0000247)} 13:37:18.964
!!! sig: Driver package failed signature verification. Error = 0xE0000247
!!! sto: Failed to import driver package into Driver Store. Error = 0xE0000247
sto: {Stage Driver Package: exit(0xe0000247)} 13:37:18.964
sto: {Setup Import Driver Package - exit (0xe0000247)} 13:37:18.980
!!! inf: Failed to import driver package into driver store
!!! inf: Error 0xe0000247: A problem was encountered while attempting to add the driver to the store.
<<< Section end 2020/12/15 13:37:19.042
<<< [Exit status: FAILURE(0xe0000247)]

@davepalmeruk
Author

Is there any further change to this issue?
The end customer still cannot install NPCAP due to this error and trying the later versions didn't change the outcome.

@dmiller-nmap
Contributor

I checked the signature thumbprints and the INF DriverVersion in your logs against the files in the Npcap 1.00 installer and I found that it's trying to install the Windows 7-only build of the driver, which has been signed with our SHA-1 certificate only. The server is probably configured to not accept SHA-1 certificates, but a bigger problem is that Windows Server 2012 R2 ought to be installing the Win8/Win8.1 build of the driver, which is signed with our SHA-2 cert. Can you provide the install.log and NPFInstall.log files from the Npcap installation directory? These will show me what the installer thought it was doing when it chose those builds to install.

@dmiller-nmap
Contributor

dmiller-nmap commented Mar 4, 2021

@davepalmeruk as a Npcap OEM licensee, you may contact us via email for technical support. We'd like to get this resolved for you.

@davepalmeruk
Author

NPFInstall.log
install.log

@dmiller-nmap, thanks. Please see the logs requested.

@electricretina

I have the same issue. Was a solution found?

@robertdsteele

Same issue here with Win8.1

@brentil

brentil commented Mar 29, 2021

We're experiencing the same issue with Npcap 1.10 and Npcap 1.20 on Windows 2012 R2 (Win8.1).

install.log
NPFInstall.log

@fumannychu

fumannychu commented May 3, 2021

Some of you have the following text in your output: StatusMessage : A certificate chain could not be built to a trusted root authority

The fix for me was to manually install the trust chains required by npcap.cat and npcap.sys. Those were the following:

  1. Microsoft Root Certificate Authority 2010
  2. Microsoft Windows Third Party Component CA 2014
  3. Microsoft Windows Hardware Compatibility Publisher
  4. Microsoft Time-Stamp PCA 2010
  5. Microsoft Time-Stamp Service
  6. Microsoft Code Verification Root
  7. DigiCert High Assurance EV Root CA
  8. DigiCert EV Code Signing CA (SHA2)

Once all those are imported in the local certificate store, the application installed for me. I'm in an offline environment, so some of the certs may already exist if you're Internet connected.
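
To see which certificates a given host is actually missing before importing a list like the one above, the chain for each signer and timestamper certificate can be built locally; the report also shows the leaf certificate's signature algorithm, which is relevant to the SHA-1 versus SHA-2 builds discussed earlier in the thread. This is an added example, not part of the thread or Npcap project code: the function name `Test-SignerChain` is hypothetical, and it uses the general Windows chain engine in machine context, which approximates but is not the same as the driver signing policy applied at install time.

```powershell
# Added example, not Npcap project code. Paths are the defaults used in this thread;
# the files only exist while the installer's error dialog is still open.
$files = 'C:\Program Files\Npcap\npcap.cat', 'C:\Program Files\Npcap\npcap.sys'

function Test-SignerChain {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate,
        [string] $Role,
        [string] $File
    )
    # Machine-context chain engine: resolves issuers from the LocalMachine stores.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    $chain.ChainPolicy.RevocationMode    = 'NoCheck'             # offline hosts cannot fetch CRLs
    $chain.ChainPolicy.VerificationFlags = 'IgnoreNotTimeValid'  # separate trust problems from expiry
    $null = $chain.Build($Certificate)

    # Last element is the highest certificate the engine could find locally.
    $top    = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    $status = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })

    if ($status.Count -eq 0) {
        $finding = 'Chain builds to a trusted root'
    } elseif ($top.Subject -ne $top.Issuer) {
        $finding = "Issuer certificate not found locally: $($top.Issuer)"
    } elseif ($status -contains 'UntrustedRoot') {
        $finding = "Root found but not in a trusted root store: $($top.Subject) [$($top.Thumbprint)]"
    } else {
        $finding = 'Other chain error: ' + ($status -join ', ')
    }

    [pscustomobject]@{
        File        = Split-Path -Leaf $File
        Role        = $Role
        Leaf        = $Certificate.GetNameInfo('SimpleName', $false)
        LeafSigAlg  = $Certificate.SignatureAlgorithm.FriendlyName  # e.g. sha1RSA or sha256RSA
        ChainLength = $chain.ChainElements.Count
        Finding     = $finding
    }
}

$report = foreach ($f in $files) {
    if (-not (Test-Path -LiteralPath $f)) { Write-Warning "$f not found"; continue }
    $sig = Get-AuthenticodeSignature -FilePath $f
    if ($sig.SignerCertificate) {
        Test-SignerChain -Certificate $sig.SignerCertificate -Role 'Signer' -File $f
    }
    if ($sig.TimeStamperCertificate) {
        Test-SignerChain -Certificate $sig.TimeStamperCertificate -Role 'TimeStamper' -File $f
    }
}
$report | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt while the installer's error box is still displayed; each row's `Finding` names the issuer or root that has to be present in the local machine stores for that chain to build.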

@shaheenahmed

shaheenahmed commented May 18, 2021

Did anyone get the issue resolved?
Does it have something to do with gpedit.msc in Windows?

@fyodor
Member

fyodor commented Jun 3, 2021

Thanks everyone! We are planning to add the extra certs for the next upcoming Npcap release, which should improve compatibility for systems which are missing any of them for one reason or another.

@dpward

dpward commented Jun 8, 2021

@fyodor One of the certificates mentioned above is actually expired now. (Re-pasting part of that comment here to fix the formatting; the dates are shown as DD/MM/YYYY in UTC+1.)

This was used to sign npcap 1.31 which was released 2 weeks before the certificate expired. I'm not familiar with how validation works in this context — is it enough for the signature to have been created during the certificate's validity period?

Either way, I assume a new signing certificate needs to be obtained if it has not been already.

SignerCertificate      : [Subject]
                           CN=Insecure.Com LLC, O=Insecure.Com LLC, L=Seattle, S=Washington, C=US,
                         SERIALNUMBER=200010310013, OID.2.5.4.15=Private Organization,
                         OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US

                         [Issuer]
                           CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US

                         [Serial Number]
                           09256314069E7E6A88CB823075C0D9C9

                         [Not Before]
                           01/05/2020 01:00:00

                         [Not After]
                           07/05/2021 13:00:00

                         [Thumbprint]
                           4CE89794FE2D2F7E30121F10BCF76AC3CCF77CA9

@dmiller-nmap
Contributor

@dpward We renewed our certificates which will be used for the next release. All signed files are countersigned by a trusted timestamping authority which proves the certificate was valid at the time of signature.

@fyodor
Member

fyodor commented Jun 24, 2021

OK we made these changes in the new Npcap 1.50 release so please let us know if it resolves the problem or if anyone is still having signature validation problems like this. Cheers!

@tjsqrd

tjsqrd commented Jul 6, 2021

I had the same issue with 1.50. Solution was to export the two root certificates from the trusted publisher store and import them into the trusted root store. Once this was done install completed successfully.

@dmiller-nmap
Contributor

@tjsqrd Thanks for the update. We can make this change to the next release of our installer.

@genniferchill

We run Server 2012 R2 in a very closed environment. We are trying to install Npcap 1.50 and the installation fails with "Failed to create the npcap service 0x0000247. Please try installing Npcap again or use the latest official Npcap installer from https://nmap.org/npcap/". I did download my installer from the official site. The failure event in the install.log file is: 2097152,"Failed to create the npcap service: 0xe0000247. Please try installing Npcap again, or use the latest official Npcap installer from https://nmap.org/npcap/"

I need this installation to work correctly in order to get Tenable Nessus Manager to install. Any assistance would be greatly appreciated.

@dpolich

dpolich commented May 2, 2022

There is also a registry setting that disables the check of Root Certificate authorities. It can be found at:
HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot
Change 'DisableRootAutoUpdate' from 1 to 0
