
Problem with RDP? We wanted Endpoint Protection


mrmulti

I wanted to sign up for endpoint protection since we are recovering from a ransomware attack, but I have some questions. I heard that it is unsupported for RDP or terminal services. I support a server remotely, and use RDP to connect. So, my first question is: will it work if I use RDP?

Recently we had a ransomware attack originating from a workstation, and being afraid that it might affect the server, I installed Malwarebytes to do a scan. It started a trial, and seemed to be intercepting riskware through the mail transport (it is an Exchange server). At first I thought this was a good thing, but I am not so sure now since my Exchange search service is continuously stopping and restarting. Question #2: That version is Malwarebytes Premium; is it a no-no to run it on an Exchange server?

Then I was trying to manually delete encrypted files, which I wanted to do all at once, and then tried 200,000 files at once while connected remotely. Each time I tried, I got booted out and the Exchange server went down; I would have to wait a few hours and then restart services manually. Question #3: Was Malwarebytes Premium involved in any of that, and should I uninstall it? Please respond since I am in the middle of this now!

 


@djacobson posted a new compatibility matrix for Malwarebytes Endpoint Protection, not Malwarebytes Premium, that covers most server roles; see below. As far as I know, Malwarebytes Premium is not supported on any server OS, but don't quote me on that.

[Image: MBEPMatrix.JPG, the Malwarebytes Endpoint Protection compatibility matrix]

I can say from experience we have MEP, which is different than Malwarebytes Premium that you can download a trial from the website, on a 2008R2 Terminal Server and have had it running for almost a year now without issue. We do have a special policy in place, following the guidelines above. Up until the later releases Web Protection wasn't supported on a TS or RDS server. 


  • Staff

Thanks for posting that @Kalrand. The matrix is a nice little cheat sheet to help understand what realtime protections can be utilized.

@mrmulti connecting via RDP will be ok. The restriction is around shared programs, services and profiles via RDS, which has trouble with the Anti-Ransomware side but is ok for the other protection items. The home premium is not meant for server operating systems, but even the business one shouldn't really have the web blocker on for servers running Exchange. 

You can trial the Endpoint Protection version, which on first setup will initially install and use something called Malwarebytes Breach Remediation. This will allow you to scan and clean up without the realtime items running, which seem to be hindering your ability to remotely manage them at the moment. The trial can be found here: https://www.malwarebytes.com/business/trial

Later on you can edit or create policies that will allow you to choose which realtime pieces you would like on your machines. This action will change the plugin used from Malwarebytes Breach Remediation to Malwarebytes version 3, which is a modified version of the home version you are running, in order to support business environments.

For your cleanup stuff, don't forget to turn on the anti-rootkit settings for the scans. This can help you get every nook and cranny, but be aware it makes the scans take much longer.
