Recently, I see:
Event ID: 4226
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

in the Event Viewer at every start-up, and only at start-up. after scanning 6 ways to sunday, and finding no worms, I tried disabling avast 6.0.1367 and rebooting. No problem.

Setting “load avast! only after other services” helps some, in that I don"t see this event at start-up sometimes.

I’d like to increase this “a little”, but everything I see on the net, to do this, contains malware.

XP(SP3)

Any ideas anyone?

Are you running bit torrent software? can cause this.
Run Malware bytes free to check for spyware?
Have you run a avast boot time scan?.
Def a malware process going off.
I have no issues

I do not see any Event ID: 4226 events on my XP Pro system.

Have you updated to avast! 6.0.1367 ???

Wouldn’t touch Torrent with a 10’ stick!

Ran Malwarebytes but I’ll do it again. Takes 5.5 hours.

Avast Boot time scan 2 days ago. Didn’t find anything, but I’ll do it again.

Again: Only on Start-up and no event triggered if avast is disabled!!

Yes: avast 3.0.1367.

This is an easy problem to remedy. It’s because windows sets a very low limit for half open connections and this is easily reached when downloading via torrents. The best thing to do, is to increase the number of half open connection to 100 and this will allow torrents to download faster without breaking your new limit. it’s a well known problem and requires a very small download to correct it. I have also encountered this when not downloading torrents due to various programs updating at start-up but would suggest you don’t increase to more than 100.Link below
http://half-open.com/download_en.htm

Doesn’t the OP say there not using torrents ???

@ craigb. If you read my note, you will see that it can also occur when not using torrents.

I see these from time to time as well. I’ve also heard that a poorly configured web page can cause this as well. Seeing this thread now, and looking again, I see that I’m getting them now at bootup as well, but not every time. And no torrents here at all, also just ran Malwarebytes and SAS and they’re clean. So, is this something to even be concerned about?

Ran Malwarebytes but I'll do it again. Takes 5.5 hours.

Thanks. I’m not using Torrents, that I know of, so can i up to something like 20 first, to see what happens?

Where do I look?

Thanks. Yup. I always update first. Quick Scan missed one once, at a friend’s house, so rather than doing a QS for 1 hour first, I’ve been starting a Full Scan and going away.

Click where it says Half Open Limit Fix. When you download and run, it will tell you what your half open limit is and you can increase it to a higher level.

Well, I used the “Half Open” fix to change from 10 to 20, and got the same event on the reboot. So, I went ahead and made it 100. I’ve rebooted now twice with no events. I’ll tell better after some time passes, but it looks good.

As I said, it never did this if I disabled avast, so I have to wonder what avast is doing trying to open that many connections?

Anyway, Thanks for now. That’s the only tcpip.sys patcher on the net that’s not infected. :-/

There are alternative solutions than changing the half… limit (which in addition opens security holes).

For the following, please revert back the previous patch/hack to the original Windows default and reboot.

Are you permanently connected? Change that setting in

avast main GUI → settings → updates → “I am permanently connected…”.

Try also in that same tab in avast the proxy to “no proxy (direct connection)”.

Then reboot and test again.

There are additional tweaks if those are not enough (still, using the default values in Windows, with no need to hack/patch). So please report back.

OK. I set “always connected”. It wasn’t set before because: Even though I’m using a DSL Gateway, it doesn’t power up until at least one machine, on the LAN, powers-up. It is possible for the router to take longer than the computer to start.

I also set “No Proxy” as you suggested.

I then went back to the TCPIP.sys patcher and reverted to the original file.

Rebooted and got the 4226 event again. However, I then rebooted 3 more times CLEAN!

IDUNO… Maybe it’s time to sit back for 7 hours, or so, and do another Malwarebytes scan and avast boot time scan.

/Bob

I don’t think you need to keep scanning.

Please try working as usual for some time. The specific event is not going to prevent from you to use your system. Only in some specific cases, this particular event shows a problem with actual effects.

If some other hardware needs to be turned on before your computer, it may be wise to simply wait an additional minute before turning the system on.

If the event returns after several days of using the system normally, please report back and we’ll try more specific additional configurations in avast (which are available, but not directly in the GUI of avast).

I agree. However I am doing a Malewarebytes scan right now (set to lower priority so I can continue working). When I get the time, I’ll probably do a boot time avast scan for completeness. Won’t hurt!

Just FYI: I may not have been clear. The 4226 happend at boot time even when the DSL Gateway was up and happily running for hours.

I’ll keep an eye on this and let you know in a couple days, I guess…

Well. 3 reboots and 3 4226 events. This does not seem to be as consistant if I just bring it up/down/up right away. It seems some time has to elapse. Either up-time or down-time.

Any suggestions before I try the “Hack” again, for a day, to see if it really worked?

BTW: Both Malwarebytes and avast boot time scans were clean.

I never power down my DSL Gateway so that is probably why I do not see that event.