Jump to content

Recommended Posts

I keep getting message below over and over.  How do I resolve it? 

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 10/25/21
Protection Event Time: 10:43 AM
Log File: 56712b94-35aa-11ec-8f74-6c2b59cc0792.json

-Software Information-
Version: 4.4.9.142
Components Version: 1.0.1486
Update Package Version: 1.0.46394
License: Premium

-System Information-
OS: Windows 10 (Build 19042.1288)
CPU: x64
File System: NTFS
User: System

-Blocked brute force activity-
Malicious Website: 1
, C:\Windows\System32\svchost.exe, Blocked, -1, -1, 0.0.0, , 

-Website Data-
Category: Brute force attack
Domain: 
IP Address: 218.247.161.230
Port: 3389
Type: Inbound
File: C:\Windows\System32\svchost.exe

(end)

Link to post
Share on other sites

Hi @dpctx   :welcome:

Pleased do NOT select the "repair".  But look again and follow the GATHER Logs section of the Advanced  section.

  1. Double-click mb-support-1.8.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  2. Place a checkmark next to Accept License Agreement and click Next
  3. Navigate to the Advanced tab
  4. Then select GATHER logs
  5. A file named mbst-grab-results.zip will be saved to your Desktop
  6. Please attach the file in your next reply.

 

Link to post
Share on other sites

Thank you.

First, please know that Block notices are just advisories that the program is protecting your system.
In this case here, it is protecting from Inbound attempts to connect via Remote Desktop feauture of Windows.
The block notice means it was STOPPED.
That is a INBOUND attempt  and the IP Address: 218.247.161.230

Please see https://support.malwarebytes.com/hc/en-us/articles/360038984953-Security-settings-in-Malwarebytes-for-Windows

Quote

Brute Force Protection (BFP) monitors Microsoft's Remote Desktop Protocol by protecting your devices from suspicious connections via remote devices. It temporarily blocks IP addresses with suspicious login attempts and notifies you of the blocks. BFP is an opt-in feature and is available only for Malwarebytes for Windows and Malwarebytes for Teams users.

IF you are not using or do not need to use Remote Desktop, then turn it off to keep your system more secure.
Unless you are actually using this machine to connect to another Windows' remote desktop,  then you ought to turn off the Remote Desktop setting, since that makes your machine a tempting target.

See   https://www.tenforums.com/tutorials/92433-enable-disable-remote-desktop-connections-windows-10-pc.html

By turning off remote desktop, you lessen your machine's odds of being a tempting target for probers.
The bad guys seek out machines able to do remote desktop as being prime candidates.   Keep in mind these involve automated bots.
,
You can block one or more IP addresses in the Windows 10'  Windows Firewall
See   https://www.cm3solutions.com/block-ip-address-ip-range-using-windows-firewall/

You should block the IP 218.247.161.230

 

To get started go to Control Panel >>System and Security >> Windows Defender Firewall     and then on the left side list, click on Advanced Settings
then follow the example in the article cited above.

-  - - - - - -----------------------------

I  would recommend that if you have a internet-connection-router hardware at home,  that you look over this article
"How to Enable Your Wireless Router's Built-in Firewall"
https://www.lifewire.com/how-to-enable-your-wireless-routers-built-in-firewall-2487668

 

In most cases the attempted probes will automatically stop on their own. If it continues you can add the IP to the local firewall to prevent it from contacting the computer period.
If you wish to do so, here is one how-to guide for the Windows software firewall
https://www.interserver.net/tips/kb/add-ip-address-windows-firewall/

Additionally or alternatively, if this is on Windows 10 PRO  and if you do not need or use Remote Desktop,  you can turn that off.
https://www.tenforums.com/tutorials/92433-enable-disable-remote-desktop-connections-windows-10-pc.html


.

Here is how to block a port number in Windows

https://thegeekpage.com/how-to-block-ports-in-windows-10-firewall/

How to Change the port number for RDP

https://tunecomp.net/change-remote-desktop-port-windows-10/

Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.