Installing KFSensor

Installing WinPCap or Npcap

KFSensor's Network Protocol Analyzer feature makes use of industry standard network packet capturing libraries. This means KFSensor can work along side other security software such as Wireshark, which use the same libraries.

KFSensor will work without a network packet capturing library being installed but functionality associated with the Network Protocol Analyzer will then be disabled.

There are two different network packet capturing libraries to choose from; WinPCap or Npcap.
Both are free to use and both provide the functionality needed by KFSensor. If both are installed on the same machine then KFSensor will pick Npcap in preference to WinPCap.

It is best to download and install one of these libraries before installing KFSensor. Installing one later on will require an additional reboot of the machine.


WinPCap is the original network packet capturing library for Windows and KFSensor has worked with it for many years.

Unfortunately WinPCap is no longer being maintained. It is reliable for older versions of Windows, but can be difficult to install on versions of Windows 10.

The WinPCap installation program can either be obtained from the KeyFocus web site, or direct from the WinPCap web site:


Npcap is based on WinPCap, with an updated codebase to support the latest Windows APIs.
It is recommend for use on Windows 10.

Npcap is maintained by the Nmap project and for licensing reasons the Npcap installation must be downloaded directly from their web site:

Running the KFSensor set up

To install KFSensor you must be logged on with full administration rights to the local machine.

In the next step you will be asked to choose the folder where KFSensor should be located.
The "Program Files" path is a good place to install KFSensor as it inherits a high level of access security. This is explained in the next section.

After selecting the program group where KFSensor should be installed in the Start menu, the installation will begin.

You will need to restart your machine before KFSensor can become operational.
You should register your copy of KFSensor within two days to make it fully operational.
You can then either start using KFSensor straight away or complete the secure aspects of the configuration, as described in the next section.

Log Path

The first time KFSensor is run it creates a log folder.
The default location of the folder is "C:\kfsensor\logs".
It does this to keep the logs in a separate area from the program and configuration files to improve security.

Un-installing KFSensor

You can uninstall KFSensor by taking the following steps.
  1. If you have installed KFSensor as a systems service then you will need un-install it first.
    Within the KFSensor monitor application select the "File -> Service -> Un-install System Service" menu.
    Then exit the KFSensor monitor application.
  2. Go to the Windows Control Panel and select "Add or Remove Programs". Select KFSensor and press the "Change/Remove" button.
  3. The un-install program will not remove the log files generated. If you want to remove these then you will need to locate and delete the KFSensor log directory with Windows Explorer.

Next: Choosing the database system

KFSensor On-Line Manual Contents