Known Issues - DuoStream/Duo GitHub Wiki

Antivirus False-Positives

Duo performs several actions that Windows typically discourages.

Consequently, many antivirus programs quickly raise concerns and require manual exclusion rules for Duo to function properly.

Here's a list of activities undertaken by Duo that might trigger suspicion from your antivirus software:

  • It adds selected local user accounts to the Remote Desktop Users group so they can be used as headless terminal session logon accounts
  • It patches termsrv.dll (in RAM) to enable the possibility of running multiple concurrent active terminal sessions
  • It patches IddCx.dll & RdpIdd.dll (in RAM) to enable the capture of uncompressed SwapChain frames from remote terminal sessions
  • It initiates headless localhost RDP connections to prompt termsrv.dll to create new remote terminal sessions
  • It reads instance configuration data from the registry

There really isn't much that can be done about it either with the ever-moving goalpost of heuristic Antivirus software.

Remote Audio driver limitations

Duo uses a variety of Microsoft's own virtual device drivers to get things done.

One of those drivers is Microsoft's remote audio driver, which, at the time of writing, only supports stereo audio.

We're looking into potential alternatives, but for the time being this is the best Microsoft has on offer for remote sessions.

Only 4 XInput gamepads are supported (across all sessions)

This is a limitation of XInput, which becomes especially apparent when mixed with multiple concurrent sessions because they share a common XInput device pool.

Host-connected XInput gamepads may bleed across sessions

Duo's gamepad isolation mechanism leverages a Windows device enumeration loophole to confine devices to their respective sessions. The process involves:

  1. Identifying the device's HID input device node.
  2. Locating all device nodes within the same device container group.
  3. Setting the Session ID property for these device nodes, making them invisible to all sessions except their own.
  4. Disabling and re-enabling the device nodes to prompt Windows to re-enumerate the device, cutting off already running processes from the device.

This method is effective for most devices except XInput gamepads, which cannot be disabled in software without rebooting the host system. Consequently, re-enumeration of these devices is impossible without physically disconnecting and reconnecting them.

From a user perspective, this means the gamepad remains visible to processes that were initiated before the device was connected to the host. Processes started after the device connection will not detect the gamepad, functioning as intended.