Event ID: 4226 TCP/IP has reached the security limit imposed... At Boot-up

[ady4um]

For previous versions of avast, simply run the removal utility several times, selecting each version. Then manually search any folder as already indicated (as some remnant hidden folder may be left anyway) Remember to run the removal utility for avast under Windows Safe Mode.

For firewalls (which I still think is your first suspect), and other security tools (like avg), instead of manually searching for remnants, search for the respective info and removal utilities at this partial list: http://singularlabs.com/uninstallers/security-software/. Follow the respective instructions for each utility.

Please report back when you are ready.

[fidmas]

Thank you.  I'll play ASAP and report back.  As for Firewall, I'm just using Windows XP's that has no outgoing protection.  Does that change any of your procedures?  I never worried about spreading any thing since i have never caught anything to spread.  I thought this 4226 could have been the first time, but it's clearly just avast related.

As far as cleanup.  Where else does avast hide folders other than "\Program Files" and "C:\Documents and Settings\All Users\Application Data\AVAST Software"?

Thanks......

[fidmas]

Well, I made the time today.  I followed your instructions (only avast6 was there).  Rebooted twice now and Low and Behold everything "seems" cool. :-)  No 4226 events.  At least not yet. :-)

I seem to remember using "AlwaysConnectedWaitSeconds=120" in an .ini file (differant issue -- to wait for the router in the morning, when first powering it up) but forgot where.  Can you tell me where to look for the .ini file?

If this fix holds, I'll cleanup my wife's machine currently displaying the same symptom.

[fidmas]

Think I found it.  "C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\avast5.ini"?

[ady4um]

(only avast6 was there). 

What do you mean? do you mean you only try the removal utility for avast 6 only?

As far as cleanup.  Where else does avast hide folders other than "\Program Files" and "C:\Documents and Settings\All Users\Application Data\AVAST Software"?

Well, there are application data and might be others. By setting Windows Explorer to show all hidden and system files and performing a search for all the partition, you should be able to find all possible folders. Of course this should be performed after the removal utility and before reinstalling.

Since it seems you already re-installed, I can't say if older drivers may still be conflicting.

About the firewall, I insist. ALL firewalls, enabled or not, should be reviewed for older rules. Even if they seem to be correct, delete them. Aside from having to give new permissions, there is no "con".

Older firewalls and older security tools might be already uninstalled, but running the respective removal utilities for them usually removes the potential conflicts.

"C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\avast5.ini"?

Yes, that's the ini, but I'm not sure the "AlwaysConnectedWaitSeconds=120" is the entry we are looking for to solve your problem. There are other possible entries to delay the first attempt to update after each reboot or reconnections. The entries need to be added manually using notepad (the only allowed program) and then reboot.

Since you performed already several actions, I won't add more info until you report back the current situation (after testing your current settings).

[fidmas]

What do you mean? do you mean you only try the removal utility for avast 6 only?

No.  I mean when I installed avast5 i had problems until i "Completely" removed avast4 and reinstalled 5.  When I tried to "Upgrade" to avast6, I had glitches until i "Completely" removed 5 and 6 and reinstalled avast6 from scratch.  Hence, the removal utility could not fine any remnants of older versions because there weren't any.

Well, there are application data and might be others. By setting Windows Explorer to show all hidden and system files and performing a search for all the partition, you should be able to find all possible folders. Of course this should be performed after the removal utility and before reinstalling.

Yeah, I searched the entire drive for any files, folder, hidden files and folders with "avast' or "alwil" in its name.  Found no "alwil", but did find some "_avast_" folders and an "avast??.scr" in c:\Windows.  I killed them all.

About the firewall, I insist. ALL firewalls, enabled or not, should be reviewed for older rules. Even if they seem to be correct, delete them. Aside from having to give new permissions, there is no "con".

Older firewalls and older security tools might be already uninstalled, but running the respective removal utilities for them usually removes the potential conflicts.

Ok but <groan>.  Comodo was on this box over 4 years ago.  When I removed it, I killed all of its folders and protected registry keys, by hand, tediously, by hand.  There is nothing else "running" here except the default bare bones Windows XP Firewall.

Yes, that's the ini, but I'm not sure the "AlwaysConnectedWaitSeconds=120" is the entry we are looking for to solve your problem. There are other possible entries to delay the first attempt to update after each reboot or reconnections. The entries need to be added manually using notepad (the only allowed program) and then reboot.

Well, I used it, and all looks good, except I've been up for an hour so far this morning, and the last "Update attempt" was 12/21/2011 3:22:57 PM EST yesterday.  I'm going to play with the "connect via modem" option and see what happens.  The "Auto-update" is set for every 240 minutes.

[fidmas]

Update:  I turned on "Always connected" option also, did a Restart and left the room.  When I got back, the database was updated.  However, the router was obviously left on.  I'll need to wait long enough for for a router-on, Windows-startup, avast-update, to tell for sure.  Probably in the morning.

[fidmas]

About the firewall, I insist. ALL firewalls, enabled or not, should be reviewed for older rules. Even if they seem to be correct, delete them. Aside from having to give new permissions, there is no "con".

Older firewalls and older security tools might be already uninstalled, but running the respective removal utilities for them usually removes the potential conflicts.

OK.  Done.  Nothing found.

[ady4um]

Yeah, I searched the entire drive for any files, folder, hidden files and folders with "avast' or "alwil" in its name.  Found no "alwil", but did find some "_avast_" folders and an "avast??.scr" in c:\Windows.  I killed them all.

I assume you first ran the uninstall of avast from control panel, then the removal utility under windows Safe Mode, then you rebooted, and *then* you manually searched for those remnants (that shouldn't be left there, but let's leave that issue aside).

Comodo was on this box over 4 years ago.  When I removed it, I killed all of its folders and protected registry keys, by hand, tediously, by hand.  There is nothing else "running" here except the default bare bones Windows XP Firewall.

That paragraph is not exactly in line with what you wrote a couple of posts after it, so I'll repeat this once more. The "by hand" cleaning work is only adequate when looking for something specific AND you know exactly what you are doing. In any case, the "by hand" cleanup should be done AFTER running the respective removal utility (for Comodo in this case).

In addition, Comodo has a Firewall + additional tools installation. Even when you install part of the tools or the firewall only, other files may be copied to the system anyway.

The same happens with preinstalled software. Even if you don't accept to effectively install and use some preinstall security tool, we know the remnants are left there.

So for both cases, searching for the respective relevant removal utilities is still important. In your case, you currently have a non-critical issue, but according to your previous posts, there might be something that may be still conflicting with the normal avast's drivers and services.

A partial list of removal utilities (and please read the respective info for each case) is located at http://singularlabs.com/uninstallers/security-software/.

If you already ran the relevant removal utilities (as I *might* be understanding from other posts, but I am not completely sure about it), then no problem.

Regarding the Windows Firewall, you already mentioned you have it disabled. It would take you a couple of minutes to get to the advance properties, reading the rules and deleting anyone related to web browsers or to avast.

Continue your testing and let us know how they finally result.

[fidmas]

I give up.  I wrote a lengthy reply, with attachments.  My attachments were rejected along with the reply.  As far as I can tell, everything you want has been done.

Windows Firewall IS running and has been running for years, just the way avast wants it.  i can't show you the pictures of the settings because this forum won't let me attach the 4 compressed JPGs..

I'm not going to compose a reply to every point again.  I guess you'll have to believe me.  I've been a System Engineer for going on 40 years.  I don't consider myself an idiot.

If I get the time later to rewrite the original reply, point by point, I will.  Right now I need to get back to work.

Thank you for your help.

[fidmas]

Firewall settings 1.

Need explanation -- Ask.

[fidmas]

Firewall settings 2.

Need explanation -- Ask.

[fidmas]

Firewall settings 3.

Need explanation -- Ask.

[ady4um]

Resume:
In avast -> settings

-> troubleshooting -> "load avast services only after other system services".

-> updates -> "direct connection (no proxy)".

-> updates -> "dial up connection" (should reduce the number of connections).


In addition, may or may not imprve you situation (you need to test it):

-> updates -> "permanently connected"


Save avast settings.

In avast5.ini (using notepad only, as any other program will be rejected by avast self defense module):

Code: [Select]

[InetWD]
AssumeAlwaysConnected=1
AlwaysConnectedWaitSeconds=300

(Note: the value "300" would mean 300 seconds = 5 minutes after first connection.)

For avast5.ini, I think there were additional possible options to be manually added, but I currently can't remeber them.

About the firewall pictures, you seem to have the LAN enabled in your firewall but the http(s) traffic disabled?

[fidmas]

Resume:
In avast -> settings

-> troubleshooting -> "load avast services only after other system services".

-> updates -> "direct connection (no proxy)".

-> updates -> "dial up connection" (should reduce the number of connections).

As it is/was.

In addition, may or may not improve you situation (you need to test it):

-> updates -> "permanently connected"

Actually I didn't get auto updates for 11 hours until I set this.  Rebooted and they came right down.  Dialup connections are hard to detect.  At least the one time I tried to code for it.  We'll see.

In avast5.ini (using notepad only, as any other program will be rejected by avast self defense module):

I did, but I didn't know that.  I would have just gone to Safe Mode. :-)

Code: [Select]

[InetWD]
AssumeAlwaysConnected=1
AlwaysConnectedWaitSeconds=300

(Note: the value "300" would mean 300 seconds = 5 minutes after first connection.)

I had 240 but another minute can't hurt. :-)

For avast5.ini, I think there were additional possible options to be manually added, but I currently can't remember them.

Well, so far so good.  No 2446 events since I did the clean install.  We'll see better tommorrow when the Gateway and this computer get power at the same time.  i haven't "SEEN' the green "Updated" popup yet, but the updates are happening.  I could have been out of the room.  Tell better in the morning.  I'll also try EICAR.

About the firewall pictures, you seem to have the LAN enabled in your firewall but the http(s) traffic disabled?

Well, this machine doesn't/shouldn't "serve" anything on the internet.  Most of those are XP defaults, as I recall.  The REAL firewall is in the Gateway.  See attached.