Jump to content

Brute Force Protection RDP Blocking Not Working

AlexLeadingEdge
 Share
Go to solution Solved by AlexSmith,

Recommended Posts

  • Administrators
AlexSmith

AlexSmith

Posted
  • Administrators
Posted (edited)

@AlexLeadingEdge in your testing, were you using devices on the same local/private network to perform the failed RDP connection attempts? If so, then what you are seeing is expected as the "Prevent private network connections from being blocked" setting is On by default.

Edited by AlexSmith
  • Thanks 1
Link to post
Share on other sites
AlexLeadingEdge

AlexLeadingEdge

Posted
  • Author
Posted
43 minutes ago, AlexSmith said:

@AlexLeadingEdge in your testing, were you using devices on the same local/private network to perform the failed RDP connection attempts? If so, then what you are seeing is expected as the "Prevent private network connections from being blocked" setting is On by default.

Hi Alex,

No, we used one network we control to RDP into another network we also control, using incorrect RDP login authentication details. The Event Viewer shows the failed logins, but Malwarebytes didn't block us.

The only thing I have noticed that may be a problem is that we haven't defined the RDP port as 3389, we left it blank so Malwarebytes would figure it out on its own.

Link to post
Share on other sites
  • Administrators
  • Solution
AlexSmith

AlexSmith

Posted
  • Administrators
  • Solution
Posted

@AlexLeadingEdge can you generate and share diagnostic logs from the endpoint you tested this on? I can help get this over to that team.

Also, to confirm what you are seeing, how many failed RDP attempts were tried?

Link to post
Share on other sites
AlexLeadingEdge

AlexLeadingEdge

Posted
  • Author
Posted

Hi Alex,

Sorry about the delay in replying. We have multiple Malwarebytes installs with Malwarebytes certificate errors and the install isn't actually working, so I can't rule out it is one of these. Malwarebytes Support seem to be calling it "Error 577".

We are in the process of moving several hundred computers from Nebula to OneView so we are a little busy at the moment, but will investigate again after Christmas.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept