Jump to content

Recommended Posts

I'm having MBEP block RDP coming into a terminal server on a non-standard port.  I do have Behavior Protection disabled in the policy that applies to the group that this server is in, per this document.

I don't see any detections in the cloud console...  nothing in event logs except successful security audit logs...  not sure where to start looking for logs or exclusions.  Any help would be appreciated.

TIA

ciao

 

Link to post
Share on other sites
  • Staff

Greetings,

It is possible that the Web Protection component is blocking the connection.  Please test by excluding the IP that is attempting to remote into the affected system, and if that fails, try temporarily disabling Web Protection entirely to see if that yields any better results.

Please let us know how it goes.

Thanks

Link to post
Share on other sites
  • Staff

If it was an actual web block then there should be an entry in your protection logs showing that a connection attempt to a malicious website was blocked, however I suspect it may be due to an issue they recently fixed on the consumer side where some connections were being blocked due to a driver issue and if the latter is the case then there will be no logged detection/block entry.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.