Inbound RTP detections since enabling Real-Time Protection yesterday


Hello,

There were more detections in the detection history list yesterday than what is shown in the image; the list got wiped when I updated from Windows 10 to 11 and reinstalled Malwarebytes today.

Detections seem to be sporadic.

I have done a full scan with Malwarebytes and HitmanPro, which did not find anything suspicious.

I attached the latest detection log. Thanks!

rtp.png

latest.txt


@Dizztah

The blocks are on addresses that are attempting to do a forced attempt to exploit remote-desktop-protocol.

The Real Time Protection of Malwarebytes for Windows is actively doing its job to protect the system.

In most cases the attempted probes will automatically stop on their own. If it continues, you can add the IP to the local firewall to prevent it from contacting the computer, period.
If you wish to do so, here is one how-to guide:
https://www.interserver.net/tips/kb/add-ip-address-windows-firewall/

 


  • Root Admin

Not sure what you're using, but today many ISPs combine the modem and router; others still split them into different units.

If you do own one or rent one, please see the following which should help.

 

If you own your own router and are not renting it from your Internet Service Provider

Please ensure that you have the user manual for your router. Then perform a factory reset.

How To Reset Your Router
https://setuprouter.com/networking/how-to-reset-your-router/

Depending on one's preferences and the Router's capabilities please consider the following.

  • Disable acceptance of ICMP Pings
  • Change the Default Router password using a Strong Password
  • Use a Strong WiFi password on WPA2 using AES encryption or Enable WPA3 if it is an option.
  • Disable Remote Management
  • Create separate WiFi networks for groups of devices with similar purposes to prevent an entire network of devices from being compromised if a malicious actor is able to gain unauthorized access to one device or network.
    Example: Keep IoT devices on one network and mobile devices on another.
  • Change the network name (SSID). Do not use your name, postal address or other personal information. Make it unique or whimsical and known to your family/group.
  • Is the Router Firmware up to date? Updating the firmware mitigates exploitable vulnerabilities.
  • Specifically set Firewall rules to BLOCK TCP and UDP ports 135 ~ 139, 445, 1234, 3389, 5555 and 9034
  • Document passwords created and store them in a safe but accessible location.

 

 

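A host-side version of the two suggestions above (blocking a probing IP in the local firewall, and blocking the listed ports), for a Windows PC that has no router in front of it. This is an added example, not part of the original posts: the IP address is a constructed documentation address, the rule names and the `Add-BlockRule` helper are made up for illustration, and the script assumes Windows Defender Firewall is the active firewall and is run from an elevated PowerShell prompt.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. 203.0.113.45 is a constructed
# documentation address; use the IPs shown in your own block log instead.
$ProbeSources = @('203.0.113.45')
# Ports taken from the router checklist in the post above.
$Ports = @('135-139', '445', '1234', '3389', '5555', '9034')

# 1. Is Remote Desktop turned on, and is anything listening on 3389?
$ts = Get-ItemProperty -Name fDenyTSConnections `
        -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$listener = Get-NetTCPConnection -LocalPort 3389 -State Listen `
        -ErrorAction SilentlyContinue
[pscustomobject]@{
    RdpEnabled      = ($ts.fDenyTSConnections -eq 0)
    ListeningOn3389 = [bool]$listener
}

# 2. Which firewall profile does each connection use? The port rules in
#    step 4 are scoped to Public; adjust Profile if this shows Private.
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory

# Hypothetical helper: create an inbound block rule only if it is missing,
# so the script can be re-run without piling up duplicates.
function Add-BlockRule {
    param([string]$Name, [hashtable]$RuleArgs)
    if (Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue) {
        Write-Host "Rule already present: $Name"
        return
    }
    New-NetFirewallRule -DisplayName $Name -Direction Inbound -Action Block @RuleArgs |
        Out-Null
    Write-Host "Created rule: $Name"
}

# 3. Block the specific probing addresses on every profile.
Add-BlockRule -Name 'Block RDP probe sources' -RuleArgs @{
    RemoteAddress = $ProbeSources
    Profile       = 'Any'
}

# 4. Block the checklist ports inbound, TCP and UDP. Block rules take
#    precedence over allow rules, so this also closes 3389 if RDP is enabled.
foreach ($proto in 'TCP', 'UDP') {
    Add-BlockRule -Name "Block checklist ports inbound ($proto)" -RuleArgs @{
        Protocol  = $proto
        LocalPort = $Ports
        Profile   = 'Public'
    }
}
```

Scoping the port rules to the Public profile leaves file sharing (ports 135 ~ 139 and 445) usable on a network you have marked Private. The rules can be reviewed afterwards with `Get-NetFirewallRule -DisplayName 'Block*'`.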

@Porthos Thanks, I will look into one. I'm from Sweden by the way.

@AdvancedSetup Thank you for the info. To clarify, I'm from Sweden and I'm not using a typical modem or router setup like many homes in the USA. Instead, my apartment has a centralized network system.
I connect directly to an Ethernet wall jack without any intermediate devices like modems or routers in my apartment. I think the Ethernet wall jack that I'm connecting to likely connects to networking equipment elsewhere in the building, which in turn communicates with my ISP.


  • Root Admin

All well and good, but as long as cost is not a factor. Personally I'd contact the apartment manager and inquire about any issues in purchasing your own router in the home so that you can control security at a much better level than you currently have going on.

You're basically fully at the whims of whoever controls the router (which obviously is not blocking outside probes). Not my cup of tea, but I understand that we don't always have control over every element of our lives.

Cheers and have a great day

 

 


Thanks again, I agree with the control part.

To be honest though, I have no clue for sure how it all works, I think I can still buy a router and use it here instead of directly connecting to the ethernet wall jack.

It has worked in the past so I don't think it would be an issue now.


2 days later update:

My brother dropped by and gave me a router on the same day I created this topic. I set it up immediately, and there have been no new detections since then.

You were right, @Porthos, about being connected directly to my ISP modem. It seems that was indeed the issue.

Once again, thank you both for the quick responses and assistance. Much appreciated!

I hope this post serves as a helpful reference for anyone facing a similar issue in the future. Realizing the need for a router might be the simple solution they're looking for.


  • 5 weeks later...

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you

 

 

This topic is now closed to further replies.