Known Issues
Duo performs several actions that Windows typically discourages.
Consequently, many antivirus programs quickly raise concerns and require manual exclusion rules for Duo to function properly.
Here's a list of activities undertaken by Duo that might trigger suspicion from your antivirus software:
- It adds selected local user accounts to the Remote Desktop Users group so they can be used as headless terminal session logon accounts
- It patches termsrv.dll (in RAM) to enable the possibility of running multiple concurrent active terminal sessions
- It patches IddCx.dll & RdpIdd.dll (in RAM) to enable the capture of uncompressed SwapChain frames from remote terminal sessions
- It initiates headless localhost RDP connections to prompt termsrv.dll to create new remote terminal sessions
- It disables the BluetoothUserService of spawned sessions to prevent unwanted Bluetooth stack resets
- It reads instance configuration data from the registry
There isn't much that can be done about this, given the ever-moving goalposts of heuristic antivirus software.
Duo uses a variety of Microsoft's own virtual device drivers to get things done.
One of those drivers is Microsoft's remote audio driver, which, at the time of writing, only supports stereo audio.
However, we're making progress on unlocking surround sound support.
This is a limitation of XInput, which becomes especially apparent when mixed with multiple concurrent sessions because they share a common XInput device pool.
Duo's gamepad isolation mechanism leverages a sparsely documented Windows device property to confine devices to their respective sessions. The process involves:
- Identifying the device's HID input device node.
- Locating all device nodes within the same device container group.
- Setting the Session ID property for these device nodes, making them invisible to all sessions except their own.
- Disabling and re-enabling the device nodes to prompt Windows to re-enumerate the device, cutting off already running processes from the device.
This method is effective for most devices except XInput gamepads, which cannot be disabled in software without rebooting the host system. Consequently, re-enumeration of these devices is impossible without physically disconnecting and reconnecting them.
From a user perspective, this means the gamepad remains visible to processes that were initiated before the device was connected to the host. Processes started after the device connection will not detect the gamepad, functioning as intended.
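To check on a host whether the isolation steps above took effect, the following read-only audit groups device nodes by container and reports their session confinement. It is an added example, not Duo's own code. It assumes the "Session ID property" is `DEVPKEY_Device_SessionId` and that `Get-PnpDeviceProperty` resolves that key name on the host; the `NeedsReplug` column is a name made up for this example.

```powershell
# Added example, not Duo's code. Read-only: nothing is modified.
# Assumption: the "Session ID property" is DEVPKEY_Device_SessionId and
# Get-PnpDeviceProperty resolves that key name on this host.
$keys = 'DEVPKEY_Device_ContainerId', 'DEVPKEY_Device_SessionId'
# Internal devices share the system container; skip it when grouping.
$systemContainer = '00000000-0000-0000-ffff-ffffffffffff'

function Get-NodeInfo {
    param([Parameter(Mandatory)] $Device)
    $byKey = @{}
    Get-PnpDeviceProperty -InstanceId $Device.InstanceId -KeyName $keys `
        -ErrorAction SilentlyContinue | ForEach-Object { $byKey[$_.KeyName] = $_.Data }
    [pscustomobject]@{
        InstanceId  = $Device.InstanceId
        Class       = $Device.Class
        ContainerId = [string]$byKey['DEVPKEY_Device_ContainerId']
        SessionId   = $byKey['DEVPKEY_Device_SessionId']  # $null: visible to all sessions
        XInput      = $Device.InstanceId -match 'IG_'     # XInput HID nodes carry "IG_"
    }
}

$nodes = Get-PnpDevice -PresentOnly | ForEach-Object { Get-NodeInfo $_ } |
    Where-Object { $_.ContainerId -and $_.ContainerId -notmatch $systemContainer }

# Containers that hold at least one HID input node
$hidContainers = $nodes | Where-Object Class -eq 'HIDClass' |
    Select-Object -ExpandProperty ContainerId -Unique

$nodes | Where-Object { $_.ContainerId -in $hidContainers } |
    Group-Object ContainerId | ForEach-Object {
        $sessions = @($_.Group | ForEach-Object { "$($_.SessionId)" } | Sort-Object -Unique)
        $status = if ($sessions.Count -gt 1) { 'MIXED: some nodes not confined' }
                  elseif ($sessions[0] -eq '') { 'unconfined' }
                  else { "session $($sessions[0])" }
        [pscustomobject]@{
            ContainerId = $_.Name
            Nodes       = $_.Count
            Status      = $status
            # The property alone does not cut off processes already holding an XInput device
            NeedsReplug = [bool]($_.Group | Where-Object XInput) -and $status -ne 'unconfined'
        }
    } | Format-Table -AutoSize
```

A `MIXED` row means the container was only partly confined, so a sibling node can still expose the device to other sessions. A `NeedsReplug` row marks an XInput device whose confinement applies only to processes started after it was connected.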
After removing the deprecated ViGEmBus as a dependency, we naturally lost support for remote DualShock 4 controllers, as there is currently no ready-to-use library available to emulate them. However, a solution to this is being actively developed.