Topic: Event ID: 4226 TCP/IP has reached the security limit imposed... At Boot-up

fidmas

« Reply #15 on: December 19, 2011, 08:16:08 PM »
OK.  I set "always connected".  It wasn't set before because: Even though I'm using a DSL Gateway, it doesn't power up until at least one machine, on the LAN, powers-up.  It is possible for the router to take longer than the computer to start.

I also set "No Proxy" as you suggested.

I then went back to the TCPIP.sys patcher and reverted to the original file.

Rebooted and got the 4226 event again.  However, I then rebooted 3 more times CLEAN!

IDUNO....  Maybe it's time to sit back for 7 hours, or so, and do another Malwarebytes scan and avast boot time scan. :-(

/Bob
--

ady4um

« Reply #16 on: December 19, 2011, 09:00:24 PM »
I don't think you need to keep scanning.

Please try working as usual for some time. The specific event is not going to prevent you from using your system. Only in some specific cases, this particular event shows a problem with actual effects.

If some other hardware needs to be turned on before your computer, it may be wise to simply wait an additional minute before turning the system on.

If the event returns after several days of using the system normally, please report back and we'll try more specific additional configurations in avast (which are available, but not directly in the GUI of avast).

fidmas

« Reply #17 on: December 19, 2011, 09:17:53 PM »
I agree.  However I am doing a Malwarebytes scan right now (set to lower priority so I can continue working).  When I get the time, I'll probably do a boot time avast scan for completeness.  Won't hurt! ;-)

Just FYI: I may not have been clear.  The 4226 happened at boot time even when the DSL Gateway was up and happily running for hours.

I'll keep an eye on this and let you know in a couple days, I guess......

fidmas

« Reply #18 on: December 20, 2011, 03:21:53 PM »
Well.  3 reboots and 3 4226 events.  This does not seem to be as consistent if I just bring it up/down/up right away.  It seems some time has to elapse.  Either up-time or down-time.

Any suggestions before I try the "Hack" again, for a day, to see if it really worked?

BTW: Both Malwarebytes and avast boot time scans were clean.

YoKenny

« Reply #19 on: December 20, 2011, 03:37:26 PM »
Quote
OK.  I set "always connected".  It wasn't set before because: Even though I'm using a DSL Gateway, it doesn't power up until at least one machine, on the LAN, powers-up.  It is possible for the router to take longer than the computer to start.

I never power down my DSL Gateway so that is probably why I do not see that event.

fidmas

« Reply #20 on: December 20, 2011, 04:10:08 PM »
Quote
OK.  I set "always connected".  It wasn't set before because: Even though I'm using a DSL Gateway, it doesn't power up until at least one machine, on the LAN, powers-up.  It is possible for the router to take longer than the computer to start.

Quote
I never power down my DSL Gateway so that is probably why I do not see that event.

Like I stated before, the event gets logged even when the DSL Gateway has been up and running for hours.  This has nothing to do with it.

ady4um

« Reply #21 on: December 20, 2011, 04:59:14 PM »
Settings -> updates -> "I only connect with dial up modem".

I know this is not your case, but the change may influence the number of connections (hence, the event may decrease too).

Also, avast settings -> troubleshooting -> "load avast services only after other system services".

Save those changes and reboot.

Remember to wait 10 minutes before testing. Do NOT force updates.

Additionally, do you have any other tools with autostartup?


About the hack, you should consider that it is a hole in your security. Since you are not using P2P, there shouldn't be any reason to change this setting.

Please report back.

Tetsuo

« Reply #22 on: December 20, 2011, 06:31:09 PM »
Even if the OP should decide to use p2p clients, this particular Event will not have any serious effect in real life - just a little slowdown in downloading for a couple of minutes at boot time.

He should just ignore it - providing that he is sure that the system is clean, with no malware.
« Last Edit: December 20, 2011, 06:34:35 PM by Tetsuo »

fidmas

« Reply #23 on: December 20, 2011, 07:56:00 PM »
Quote
Settings -> updates -> "I only connect with dial up modem".

I know this is not your case, but the change may influence the number of connections (hence, the event may decrease too).

Also, avast settings -> troubleshooting -> "load avast services only after other system services".

Save those changes and reboot.

Remember to wait 10 minutes before testing. Do NOT force updates.

Additionally, do you have any other tools with autostartup?


About the hack, you should consider that it is a hole in your security. Since you are not using P2P, there shouldn't be any reason to change this setting.

Please report back.

I'll try that.  You sure avast will still see the connection for updates?

There are a couple things set to run at startup, but nothing that touches the internet, with the exception of an email checker that waits 4 minutes before checking.  This event always happens before I can even get to the Event Viewer.  It occurs right after "The Event log service was started." and before "The Terminal Services service was successfully sent a start control.".

Wait 10 minutes before checking - what?  If it's there, it'll be there right after boot-up.

I'll make the change and shut down for lunch and report back.

fidmas

« Reply #24 on: December 20, 2011, 08:08:08 PM »
Quote
Even if the OP should decide to use p2p clients, this particular Event will not have any serious effect in real life - just a little slowdown in downloading for a couple of minutes at boot time.

He should just ignore it - providing that he is sure that the system is clean, with no malware.

I agree this could be ignored.  It seems that startup is now taking about 20 seconds longer before the XP "Connection" icon appears in the tray.  IDUNO......

After scanning my brains out, I'm convinced the machine is clean.  Besides, wouldn't a worm pick a better time to call out, other than at boot-up, before anything stabilizes, and never again?

fidmas

« Reply #25 on: December 20, 2011, 08:59:20 PM »
OK ady4um.  I checked "connect via dialup" and unchecked "always connected". I would have thought they would be mutually exclusive but.....

Shut down for 17 minutes, and there's the same event at bootup.  Please see attached picture.  And yes, the gateway was left on.

I'm going to disable avast and come down for 17 minutes again.  The last time I tried that I simply did a "Restart".

fidmas

« Reply #26 on: December 20, 2011, 09:49:39 PM »
Results:  Avast disabled.  System shutdown for 17 minutes.  No TCPIP event logged.

BTW: My wife's XP Home machine gets the same event.  I know -- It's on the LAN so it could have got the same infection.  But, if it's not avast, at least avast is pushing it over the threshold.

FYI: I went back in the event log and see one of these randomly, after another random error, since the beginning of time.  It only started triggering on every bootup on December 6, 1011.
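
The check described in the post above (going back through the System log to see whether 4226 turns up only at boot) can be scripted. This is an added example, not part of the original thread: the CSV layout, the sample rows and the 5-minute boot window are constructed assumptions, and event 6005 is the "The Event log service was started." entry mentioned earlier in the thread.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample: a System log export reduced to time, source, event ID.
# Rows are deliberately out of order, as exports are often newest-first.
SAMPLE_LOG = """\
time,source,event_id
2011-12-20 14:47:12,Tcpip,4226
2011-12-20 09:15:58,Tcpip,4226
2011-12-20 09:15:40,EventLog,6005
2011-12-19 13:10:02,EventLog,6005
2011-12-19 08:00:21,Tcpip,4226
2011-12-19 08:00:05,EventLog,6005
"""

BOOT_ID = 6005   # EventLog: "The Event log service was started."
LIMIT_ID = 4226  # Tcpip: half-open connection limit reached


def summarize_boots(log_text, boot_window=timedelta(minutes=5)):
    """Group 4226 events by boot session, split into hits logged within
    boot_window of the 6005 event and hits logged later in the session."""
    rows = [
        (datetime.strptime(r["time"], "%Y-%m-%d %H:%M:%S"), int(r["event_id"]))
        for r in csv.DictReader(io.StringIO(log_text))
    ]
    boots = []
    for when, event_id in sorted(rows):          # force chronological order
        if event_id == BOOT_ID:
            boots.append({"boot": when, "at_boot": [], "later": []})
        elif event_id == LIMIT_ID and boots:     # skip hits before first boot
            session = boots[-1]
            delay = when - session["boot"]
            bucket = "at_boot" if delay <= boot_window else "later"
            session[bucket].append(delay)
    return boots


def report(boots):
    """One line per boot: number of boot-time hits and of later hits."""
    return [
        f"{s['boot']:%Y-%m-%d %H:%M} at_boot={len(s['at_boot'])} "
        f"later={len(s['later'])}"
        for s in boots
    ]


if __name__ == "__main__":
    print("\n".join(report(summarize_boots(SAMPLE_LOG))))
```

Hits in the `later` bucket are the ones worth a closer look, since they occur after startup services have settled.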

fidmas

« Reply #27 on: December 20, 2011, 10:15:55 PM »
If anyone has any new ideas, I'm all ears.  In the meantime, I set the max half-open hack to 50.  No more 4226 events.  I know it's a security hole, but I can't imagine a worm being happy with only 50.  Also as I understand it, W7 has removed the limit completely.  Or, is that only an Internet myth?

ady4um

« Reply #28 on: December 21, 2011, 01:51:44 AM »
For the update parameters, I meant both at the same time, the dial up settings AND the permanently connected. My guess is that with dial up alone, avast should wait a little longer to try to connect (instead of trying immediately).

To be clear, I don't think this has something to do with some malware, and I still think that opening the value to 50 max connections is worse than having this event listed.

Since you seem to have avast uninstalled, I would run the specific removal utility http://www.avast.com/uninstall-utility for avast under Windows Safe Mode. Run it more than once. Each time, select a different version / edition of avast, until you cover each and all versions you ever had.

Then manually clean any (hidden) folder containing "avast*" or "alwil" in the folder's name.

In Windows Normal Mode, reinstall the latest stable avast and reboot.

Now delete any and all firewall rules related to web browsers and to avast.

Set again the dial up setting, the "load services only after other services", save and reboot.

If the event returns back, I'll give you a manual change to the avast.ini file to delay the update attempt and we'll try that, but this should be only as a last choice.

Of course, if you are using another security tool, or if you used / tested another security tool and you uninstalled it, then it would be best to, first of all, run the respective removal utility for that other tool (see my signature's links) so to remove any leftovers that could conflict with avast.

fidmas

« Reply #29 on: December 21, 2011, 02:33:20 PM »
Quote
For the update parameters, I meant both at the same time, the dial up settings AND the permanently connected. My guess is that with dial up alone, avast should wait a little longer to try to connect (instead of trying immediately).

I'm snowed under today with work but I can experiment with these settings again, although I to think turning Off "Permanently Connected" would be more aggressive.

Quote
To be clear, I don't think this has something to do with some malware, and I still think that opening the value to 50 max connections is worse than having this event listed.

Yeah.  I may just put it back and live with the silly 4226 event.

Quote
Since you seem to have avast uninstalled,

No.  I never uninstalled it.  Just disabled it and re-booted to prove the point.

Quote
I would run the specific removal utility http://www.avast.com/uninstall-utility for avast under Windows Safe Mode. Run it more than once. Each time, select a different version / edition of avast, until you cover each and all versions you ever had.

Then manually clean any (hidden) folder containing "avast*" or "alwil" in the folder's name.

In Windows Normal Mode, reinstall the latest stable avast and reboot.

Now delete any and all firewall rules related to web browsers and to avast.

Set again the dial up setting, the "load services only after other services", save and reboot.

If the event returns back, I'll give you a manual change to the avast.ini file to delay the update attempt and we'll try that, but this should be only as a last choice.

Of course, if you are using another security tool, or if you used / tested another security tool and you uninstalled it, then it would be best to, first of all, run the respective removal utility for that other tool (see my signature's links) so to remove any leftovers that could conflict with avast.

I'll try all this, probably tomorrow.  As for other AV stuff, I had AVG years ago and completely whacked it (including protected Registry keys) before installing avast.  I also cleaned-up avast4 before installing avast5.  I did however just let avast6 do its thing, without removing 5 first.

All this takes a while, so I'll let you know as soon as possible.  Since my wife's machine has the same symptom, I'll probably have to do this twice.  I also have hers set to email me when avast finds something.  I have to remember how I did that. :-/

Thanks again for the ideas.