ChrisLombaard

Hi @kaizen, Will have a look thank you. We are already behind VPN and firewall, so I'll need to investigate further. It is showing that it originated from one server to another server on the same local network. We do from time to time connect between the server showing up on the location of the detection summary to the end point being referred. Is my understanding then correct that the RDP Intrusion detection only tells us that someone unsuccessfully provided credentials 5 times in 5 minutes? How do I know if a RDP connection was made or not. Is it stored in a Windows Event Log? Just need guidance on checking if someone did get in as we don't observer any other alerts on Malware or suspicious activity on the Endpoint in question. Kind Regards, Chris Lombaard

Hi, Found out there were a few RDP Intrusion Detections on one of the web servers. In trying to understand what to do about it, I clicked on the detection name RDP Intrusion Detection and was take to https://blog.malwarebytes.com/detections/rdp-intrusion-detection/ that redirects to https://blog.malwarebytes.com/detections/. But there is no information there. Struggling to find out if this detection is a cause for alarm and if my server was compromised. The detection was not continous from one IP, and show up about 8 times over the course of a few weeks. When will a RDP Intrusion Detection be detected. Can it happen if I don't use the correct password when trying to connect from another server in the same local network or is it always malicious? PS: My first post so I could have missed some information that is important?

@N33dful, Great suggestions. I've moved the server in question into its own group and updated the policies accordingly to test if it has any effect. So far it already looks better. Your answer came at just the right time

Does anyone have advice on how to exclude MalwareBytes Endpoint protection from slowing down the operations of Visual Studio 2019. We have added the Visual Studio executable to the Global Exception but it does not seem to have made a difference. When building projects, or moving large number of files around, the end point protection interferes to such an extent by slowing down the file operations to 50x slower than usual. We want to balance the price we need to pay to have full end point protection at the cost of operation efficiencies. We doubled the server resources ito CPU, RAM and Disk IOPS, with no effect to the speed at which the MalwareBytes service scans disk disk access when we monitor it on Resource Monitor.