Known Issues

Kevin Koslowski edited this page May 10, 2026 · 21 revisions

Antivirus False-Positives

Duo performs several actions that Windows typically discourages.

Consequently, many antivirus programs quickly raise concerns and require manual exclusion rules for Duo to function properly.

Here's a list of activities undertaken by Duo that might trigger suspicion from your antivirus software:

  • It adds selected local user accounts to the Remote Desktop Users group so they can be used as headless terminal session logon accounts
  • It patches termsrv.dll (in RAM) to enable the possibility of running multiple concurrent active terminal sessions
  • It patches IddCx.dll & RdpIdd.dll (in RAM) to enable the capture of uncompressed SwapChain frames from remote terminal sessions
  • It initiates headless localhost RDP connections to prompt termsrv.dll to create new remote terminal sessions
  • It disables the BluetoothUserService of spawned sessions to prevent unwanted Bluetooth stack resets
  • It reads instance configuration data from the registry

There really isn't much that can be done about this either, given the ever-moving goalposts of heuristic antivirus software.
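A read-only audit covering the first and fourth items in the list above, as an added example that is not part of Duo or of this wiki: it lists members of the Remote Desktop Users group that are not on an allow-list and reports recent RDP logons that originated from localhost, so that exclusion rules can be scoped to accounts you actually assigned. The names in `$ExpectedAccounts` are constructed placeholders, and the script assumes logon auditing is enabled so that RDP logons are recorded as Security event 4624 with LogonType 10.

```powershell
# Added example (not Duo's code). Run from an elevated prompt; it only reads state.
param(
    # Hypothetical allow-list: the local accounts you assigned to Duo (constructed names).
    [string[]]$ExpectedAccounts = @('duo-seat1', 'duo-seat2'),
    [int]$LookbackHours = 24
)

# Resolve "Remote Desktop Users" by its well-known SID so localized systems work too.
$group   = Get-LocalGroup -SID 'S-1-5-32-555'
$members = Get-LocalGroupMember -Group $group

# Members that are not on the allow-list deserve a second look.
$unexpectedMembers = $members | Where-Object {
    ($_.Name -split '\\')[-1] -notin $ExpectedAccounts
}

# Successful logons (event 4624) inside the lookback window.
$filter = @{ LogName = 'Security'; Id = 4624; StartTime = (Get-Date).AddHours(-$LookbackHours) }
$logons = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

# Keep RemoteInteractive (type 10) logons whose source address is loopback.
$loopbackRdp = foreach ($evt in $logons) {
    $data = @{}
    foreach ($node in ([xml]$evt.ToXml()).Event.EventData.Data) {
        $data[$node.Name] = $node.'#text'
    }
    if ($data['LogonType'] -eq '10' -and $data['IpAddress'] -in @('127.0.0.1', '::1')) {
        [pscustomobject]@{
            Time     = $evt.TimeCreated
            Account  = $data['TargetUserName']
            Source   = $data['IpAddress']
            Expected = $data['TargetUserName'] -in $ExpectedAccounts
        }
    }
}

'Unexpected Remote Desktop Users members:'
$unexpectedMembers | Format-Table Name, ObjectClass, PrincipalSource
'Loopback RDP logons:'
$loopbackRdp | Sort-Object Time | Format-Table -AutoSize
```

Rows with `Expected` set to `False` are loopback RDP logons by accounts that are not on the allow-list.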

Remote Audio driver limitations

Duo uses a variety of Microsoft's own virtual device drivers to get things done.

One of those drivers is Microsoft's remote audio driver, which, at the time of writing, only supports stereo audio.

We're making progress on unlocking surround sound support, however.

Gamepad limitations

Only 4 XInput gamepads are supported (across all native sessions)

This is a limitation of XInput, which becomes especially apparent when mixed with multiple concurrent sessions because they share a common XInput device pool.

Host-connected gamepads may bleed across native sessions or not function at all

Duo's gamepad isolation mechanism leverages a sparsely documented Windows device property to confine devices to their respective sessions. The process involves:

  1. Identifying the device's HID input device node.
  2. Locating all device nodes within the same device container group.
  3. Setting the Session ID property for these device nodes, making them invisible to all sessions except their own.
  4. Disabling and re-enabling the device nodes to prompt Windows to re-enumerate the device, cutting off already running processes from the device.

This method is effective for most devices except XInput gamepads, which cannot be disabled in software without rebooting the host system. Consequently, re-enumeration of these devices is impossible without physically disconnecting and reconnecting them.

From a user perspective, this means the gamepad remains visible to processes that were initiated before the device was connected to the host. Processes started after the device connection will not detect the gamepad, functioning as intended.

DualShock 4 controllers are currently not supported remotely

After removing the deprecated ViGEmBus as a dependency, we naturally lost support for remote DualShock 4 controllers, as there is currently no ready-to-use library available to emulate them. However, a solution to this is being actively developed.