Hi,
I have MWB loaded on Windows Server 2012 R2
MWB keeps giving me the following message:
I have already blocked all TCP and UDP traffic to RDP port 3389 from all ip but one..
Can someone please tell me what to do? is this possible a false positive or is MWB blocking it before the windows firewall is actually getting a chance to block it..
here is my WFW:
here is a copy of my MWB event as per the issue above:
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 2/7/21
Protection Event Time: 7:35 PM
Log File: 84386dfc-69a5-11eb-a87e-b8ca3a6f7bed.json
-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1157
Update Package Version: 1.0.36817
License: Trial
-System Information-
OS: Windows Server 2012 R2
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, C:\Windows\System32\svchost.exe, Blocked, -1, -1, 0.0.0, ,
-Website Data-
Category: Compromised
Domain:
IP Address: 185.153.199.132
Port: 3389
Type: Inbound
File: C:\Windows\System32\svchost.exe
(end)