AlexLeadingEdge Posted December 17, 2020 ID:1427684 Share Posted December 17, 2020 Hi guys, We turned on the new Brute Force Protection / RDP Blocking feature on, but doing simple tests that should have got us blocked, by connecting with incorrect username and password, shows that the Brute Force Protection doesn't actually seem to do anything. Any ideas why this isn't working? Link to post Share on other sites More sharing options...
AlexSmith Posted December 17, 2020 ID:1427704 Share Posted December 17, 2020 (edited) @AlexLeadingEdge in your testing, were you using devices on the same local/private network to perform the failed RDP connection attempts? If so, then what you are seeing is expected as the "Prevent private network connections from being blocked" setting is On by default. Edited December 17, 2020 by AlexSmith 1 Link to post Share on other sites More sharing options...
AlexLeadingEdge Posted December 17, 2020 Author ID:1427714 Share Posted December 17, 2020 43 minutes ago, AlexSmith said: @AlexLeadingEdge in your testing, were you using devices on the same local/private network to perform the failed RDP connection attempts? If so, then what you are seeing is expected as the "Prevent private network connections from being blocked" setting is On by default. Hi Alex, No, we used one network we control to RDP into another network we also control, using incorrect RDP login authentication details. The Event Viewer shows the failed logins, but Malwarebytes didn't block us. The only thing I have noticed that may be a problem is that we haven't defined the RDP port as 3389, we left it blank so Malwarebytes would figure it out on its own. Link to post Share on other sites More sharing options...
Solution AlexSmith Posted December 17, 2020 Solution ID:1427719 Share Posted December 17, 2020 @AlexLeadingEdge can you generate and share diagnostic logs from the endpoint you tested this on? I can help get this over to that team. Also, to confirm what you are seeing, how many failed RDP attempts were tried? Link to post Share on other sites More sharing options...
AlexLeadingEdge Posted December 23, 2020 Author ID:1428743 Share Posted December 23, 2020 Hi Alex, Sorry about the delay in replying. We have multiple Malwarebytes installs with Malwarebytes certificate errors and the install isn't actually working, so I can't rule out it is one of these. Malwarebytes Support seem to be calling it "Error 577". We are in the process of moving several hundred computers from Nebula to OneView so we are a little busy at the moment, but will investigate again after Christmas. Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now