Sign in to follow this  
Advanced User

Changes the parameter - Teredo error 10

Recommended Posts

Hello. Antivirus changes the parameter in the registry HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ services \ TCPIP6 \ Parameters \ DisabledComponents from 0 to 8. That's why Teredo gets error 10. Why does the antivirus need it, and why doesn't it restore the value automatically?

Emsisoft Emergency Kit 2020.5.0.10152 stable [ru-ru]
OS: Windows 7 Service Pack 1 (Version 6.1, Build 7601, 64-bit Edition)

b0c2c226252at.jpg


Здравсвуйте. Ваш антивирус изменяет параметр в реестре HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters\DisabledComponents с 0 на 8. Пэтому у Teredo появляется ошибка 10. Зачем это нужно антивирусу, и почему он не восстанавливает значение автоматически?

Share this post


Link to post
Share on other sites
22 hours ago, John Name said:

That's why Teredo gets error 10. Why does the antivirus need it, and why doesn't it restore the value automatically?

I would believe it is disabled automatically to prevent BSoD's due to a bug in the Teredo driver that was patched in an optional update, and which was never installed on most computers. Unfortunately some WFP drivers, such as the one our Web Protection relies on, can trigger a BSoD when the patch is not installed and the Teredo device is enabled. Due to this, and the fact that some people are unable to install the optional patch from Microsoft that fixes this issue, Emsisoft Anti-Malware simply disables the Teredo device to prevent issues.

Since the Teredo tunneling device is only needed on older networks that don't support IPv6, it is fairly rare these days for it to be necessary. In the majority of cases there should be no negative side effects to it being disabled.

Edit: I overlooked the fact that this was in regards to Emsisoft Emergency Kit (EEK), which doesn't use our WFP driver. I'll ask QA if it's necessary for EEK to disable this driver.

Edited by GT500

Share this post


Link to post
Share on other sites
5 hours ago, GT500 said:

Since the Teredo tunneling device is only needed on older networks that don't support IPv6, it is fairly rare these days for it to be necessary. In the majority of cases there should be no negative side effects to it being disabled.

Edit: I overlooked the fact that this was in regards to Emsisoft Emergency Kit (EEK), which doesn't use our WFP driver. I'll ask QA if it's necessary for EEK to disable this driver.

What does "it is fairly rare these days for it to be necessary" mean? I need Teredo, since there is no native IPv6 in our country, and it is unlikely that it will be made in the near future.
What specific Windows patch should I install to fix this problem?  And why does the problem only occur with your antivirus utility? Other antivirus utilities do not suffer from such garbage. And there is no blue screen from them.

Что значит "it is fairly rare these days for it to be necessary"? Мне необходим Teredo, так как в нашей стране нет нативного IPv6, и вряд ли его сделают в ближайшем будущем.
Какой конкретнго патч Windows нужно установить для решения этой проблемы? И почему проблема возникает только с вашей антивирусной утилитой? Другие антивирусные утилиты такой фигней не страдают. И никакого синего экрана от них нет.

Share this post


Link to post
Share on other sites
18 hours ago, John Name said:

What does "it is fairly rare these days for it to be necessary" mean? I need Teredo, since there is no native IPv6 in our country, and it is unlikely that it will be made in the near future.

The Teredo tunneling device is only necessary when your computer attempts to access online content that is on a server that has an IPv6 address, or possibly also where the route to the server that contains the content passes through a device that has an IPv6 address. In the United States I never see a traceroute with an IPv6 address in it, even when tracing routes to servers in Europe and/or Asia. IPv6 addresses seem to be mostly used by Internet Service Providers for home routers and perhaps also by cellular providers for mobile phone and mobile WiFi hotspots.

If you live in a country that has no IPv6 support, then first and foremost that doesn't make sense as its the Internet Service Providers that determine whether there is IPv6 support or not (they buy routers and switches that have IPv6 support, and then decide whether to enable and configure it). Since most ISP's are aware of the need for IPv6 support, especially in western nations, they usually have it configured in their networking hardware. This means the limiting factor is your home router, and whether or not it supports it (which is the limitation the Teredo tunneling device is intended to work around).

Share this post


Link to post
Share on other sites
18 hours ago, John Name said:

What specific Windows patch should I install to fix this problem?

The hotfix was intended to fix the BSoD. Installing it will not re-enable the Teredo tunneling device.

The following link is for the original hotfix, however please note that it was superseded by another hotfix and I don't know the KB number for the newer one. You will more than likely not be able to install this older hotfix.
https://support.microsoft.com/en-us/help/2958399/0xd1-stop-error-occurs-occasionally-in-all-sql-server-cluster-nodes-ru

 

18 hours ago, John Name said:

And why does the problem only occur with your antivirus utility?

I would believe other companies use a different workaround that has its own drawbacks, however I no longer remember what those are.

I've actually been told that Emsisoft Anti-Malware no longer disables the Teredo tunneling device, and I'm not sure why EEK would be doing so since it doesn't make use of a WFP driver. I've asked QA about this, but will not receive a reply right away.

 

18 hours ago, John Name said:

Other antivirus utilities do not suffer from such garbage.

Disabling the Teredo tunneling device isn't "garbage". The Teredo tunneling device is an old workaround to an old problem that mostly doesn't exist anymore. For most people this virtual device isn't even needed today. Keep in mind that Windows 7 is an end-of-life Operating System that's been around more than a decade at this point, and while I would believe that newer versions of Windows still come with the Teredo tunneling device they don't have this problem.

Share this post


Link to post
Share on other sites

In any case, I do not like the fact that the antivirus is in charge of the parameters of my computer. I myself decide what I need to enable, what to disable. Could make a pop-up window that would inform that he is going to change a setting that does not apply to antivirus, instead of useless advertising. The behavior of the antivirus is similar to a virus, and users do not even know, they start googling information about the yellow triangle teredo. Now I need to install an update that hasn't gone through full testing, so maybe new bugs will appear. 

В любом случае, мне не нравится, что антивирус хозяйничает в параметрах моего компьютера. Я сам решаю, что мне нужно включить, что отключить. Могли бы сделать всплывающее окно, которое бы сообщало, что собирается изменить настройку, которая к антивирусу не относится, вместо бесполезной рекламы. Поведение антивируса похоже на вирус, а пользователи даже не догадываются, начинают гуглить информацию насчет желтого треугольника тередо. Теперь мне нужно установить обновление, которое не проходило полного тестирования, чтобы, возможно, появились новые баги . 

Share this post


Link to post
Share on other sites
16 hours ago, John Name said:

I installed the KB2958399 update, but the antivirus utility still changes the value from 0 to 8.

That's because it doesn't check for the update. Most people don't know where to get it, so we expect it to rarely be installed. Rather than making it a requirement for using our software like we used to have to do with our firewalls, we disable the effected virtual device.

 

17 hours ago, John Name said:

In any case, I do not like the fact that the antivirus is in charge of the parameters of my computer.

Most Anti-Virus software will change Windows settings when they think it's necessary. Usually that's to revert settings they think may have been altered by malware, however some take liberties with settings they feel will make your computer more secure or which they feel will keep you from having problems.

 

17 hours ago, John Name said:

The behavior of the antivirus is similar to a virus, and users do not even know, they start googling information about the yellow triangle teredo.

Then you must also dislike VPN's, as many of them disable IPv6 support in Windows to prevent your real IP address from being leaked, and with many of those which don't do this automatically you risk losing the anonymity of the VPN service.

Is there actually some online service or content that you are unable to access due to the Teredo tunneling device being disabled?

Share this post


Link to post
Share on other sites

BTW: I've been told that EEK doesn't contain the part of Emsisoft Anti-Malware's code that disables the Teredo tunneling device, so either you must have installed Emsisoft Anti-Malware at some point or something else is doing this rather than EEK.

I've also been told that we had to have Emsisoft Anti-Malware start disabling the Teredo tunneling device again due to BSoD reports.

Share this post


Link to post
Share on other sites
7 hours ago, GT500 said:

BTW: I've been told that EEK doesn't contain the part of Emsisoft Anti-Malware's code that disables the Teredo tunneling device, so either you must have installed Emsisoft Anti-Malware at some point or something else is doing this rather than EEK.

I've also been told that we had to have Emsisoft Anti-Malware start disabling the Teredo tunneling device again due to BSoD reports.

Never installed your antivirus on this system. I use only EEK all the time. Should I record a video of how EEK changes this parameter to make you believe it? Why all these ridiculous denials?

Никогда не устанавливал ваш антивирус на эту систему. Все время пользуюсь только ЕЕК. Мне записать видео как ЕЕК изменяет этот параметр, чтобы вы поверили? К чему все эти нелепые отрицания?

7 hours ago, GT500 said:

That's because it doesn't check for the update. Most people don't know where to get it, so we expect it to rarely be installed. Rather than making it a requirement for using our software like we used to have to do with our firewalls, we disable the effected virtual device.

 

Most Anti-Virus software will change Windows settings when they think it's necessary. Usually that's to revert settings they think may have been altered by malware, however some take liberties with settings they feel will make your computer more secure or which they feel will keep you from having problems.

 

Then you must also dislike VPN's, as many of them disable IPv6 support in Windows to prevent your real IP address from being leaked, and with many of those which don't do this automatically you risk losing the anonymity of the VPN service.

Is there actually some online service or content that you are unable to access due to the Teredo tunneling device being disabled?

I am not interested in other antiviruses, now we are talking about your antivirus.

Меня не интересуют другие антивирусы, сейчас речь идет о вашем антивирусе.

It remains for me to block this registry key so that your virus does not change it. Is this your solution to the problem? Or will you continue to tell tales about blue screens and the absence of a parameter change code? 

Мне остается заблокировать эту ветку реестра, чтобы ваш вирус ее не изменял. Это ваше решение проблемы? Или будете дальше рассказывать сказки про синие экраны и отсутствие кода изменения параметра?

Share this post


Link to post
Share on other sites
16 hours ago, Advanced User said:

Should I record a video of how EEK changes this parameter to make you believe it?

I just tested this on Windows 7 x64 Service Pack 1, and Emsisoft Emergency Kit did not change any IPv6 related settings, and the Teredo tunneling device remained enabled during the test.

Please record a video of this so that I can see what is happening on your computer.

Note that while the video would be more useful to me in English, we have team members who are fluent in Russian who I can ask to look at it if necessary.

 

16 hours ago, Advanced User said:

Why all these ridiculous denials?

I'm passing on the information I've been given by QA. My job is to provide technical support, and I do not attempt to act as PR or marketing. If our software has a legitimate bug, I do not deny it or attempt to cover it up. My history of replies to users on these forums are available for you to review if you don't believe me.

 

16 hours ago, Advanced User said:

I am not interested in other antiviruses, now we are talking about your antivirus.

Our Anti-Virus is Emsisoft Anti-Malware. I thought your problem was with Emsisoft Emergeny Kit?

 

16 hours ago, Advanced User said:

It remains for me to block this registry key so that your virus does not change it. Is this your solution to the problem? Or will you continue to tell tales about blue screens and the absence of a parameter change code?

All of the information I have (including my own testing) says the problem you are reporting isn't related to the software you're claiming is causing it. I've been told that Emsisoft Emergency Kit literally doesn't contain the component that disables the Teredo tunneling device (meaning it's physically impossible for it to do so), and the person who told me that verified it with a developer before passing the information to me.

Share this post


Link to post
Share on other sites
5 hours ago, GT500 said:

I just tested this on Windows 7 x64 Service Pack 1, and Emsisoft Emergency Kit did not change any IPv6 related settings, and the Teredo tunneling device remained enabled during the test.

All of the information I have (including my own testing) says the problem you are reporting isn't related to the software you're claiming is causing it. I've been told that Emsisoft Emergency Kit literally doesn't contain the component that disables the Teredo tunneling device (meaning it's physically impossible for it to do so), and the person who told me that verified it with a developer before passing the information to me.

Here's a video that says otherwise. The parameter is not changed by any application until the start of the EEK.

Вот видео говорит об обратном. Параметр не изменяется никаким приложением до старта EEK.

Videos won't load normally on your forum. The video has been uploaded here https://radikal.ru/vf/NJ8ESGzKwjN

Share this post


Link to post
Share on other sites
11 hours ago, Advanced User said:

I send logs FRST in a private message

Your logs look very strange. Were they edited?

Share this post


Link to post
Share on other sites

I've just finished retesting this, and I was able to reproduce the issue. I recorded a video of myself testing this, and sent it to QA in addition to your other information.

Share this post


Link to post
Share on other sites
6 hours ago, GT500 said:

I've just finished retesting this, and I was able to reproduce the issue. I recorded a video of myself testing this, and sent it to QA in addition to your other information.

Incredible. But you said that there is no code in the application that changes this parameter? 

Невероятно. Но вы же говорили, что в приложении нет кода изменяющего этот параметр?

Share this post


Link to post
Share on other sites
14 hours ago, Advanced User said:

Incredible. But you said that there is no code in the application that changes this parameter? 

That's what I was told by QA. Obviously we'll have to look more closely into why this is happening, as that setting doesn't need to be changed by EEK.

 

14 hours ago, Advanced User said:

The password is incorrect? Archiver 7z.

The password was fine, but the logs are missing information that make them useless for debugging. Although since we can reproduce the issue on our own, it shouldn't be necessary to send us any more logs.

Share this post


Link to post
Share on other sites
14 hours ago, Advanced User said:

Has your QA fallen asleep yet? :mellow: 

Our QA team doesn't fix bugs. We have separate teams of developers for that.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.