TCP overrun Event ID: 4226 Likely due to Malicious Cause?
A question for you experts so I can learn:
System Event 4226 results in a system not being able to process network requests at the usual rate, so what the user notices is that some "normal" operations fail to complete [accessing network drives, LAN resources, or outbound addresses, etc].
I believe, but cannot prove due to my own ignorance, that the simultaneous use of 2 network connections [i.e. Ethernet + Wi-Fi] can contribute to this threshold breach.
Clearing the registers and shutting down one of these connections results [or resulted, in the last case of this I handled yesterday] in a good system... no more issues.
However, the article on TechNet about this mainly deals with malicious causes, and that is the reason for the threshold and subsequent measures in the first place, if I understand correctly.
In your experience, is this event typically triggered maliciously, or through some system config slop like mentioned above?
Thanks for your help.