Tarris89

asked on

Several times a day RDP Guard shows multiple logins (hundreds), like brute force

I have a customer who runs (no, I didn't set it up) Windows 7 / Thin stuff and RDP Guard.
What is happening is that several times a day RDP Guard shows multiple logins (hundreds), like brute force, then RDP Guard blocks IP addresses, many of them being local machines that are not even turned on, and at least several times a day it also blocks itself, 127.0.0.1.

I went last night to help him and scanned for viruses, rootkits, malware, SFC, baseline security scan, and Microsoft security scanner; all came up empty with no issues,
but the attacks continue. I have also checked the local machine for scripts etc.

Ran port scans on the firewall and found only 2 ports, one going to a camera and one to RDP that points to the machine.

In addition, I have been told by my friend that even if you remove the network cable, RDP Guard and the Windows Resource Monitor still show as if attacks are happening and RDP Guard continues blocking IP addresses, so this is why I have focused on the local machine as an issue or having some sort of bug.


Any suggestions of where I should look next?
SOLUTION
btan

Tarris89

ASKER

Changing the port does not do anything, because even if you unplug the network it still shows as attacks and blocks IP addresses (local and Internet), so it has to be something running on the machine. The only issue there is all scans come up clean, even checking for boot-time scripts etc.

I will keep checking. Also tried to remove RDP Guard and do a fresh install of it, but that didn't help.
ASKER CERTIFIED SOLUTION
Although the above solutions did help, the final answer, after spending time with some antivirus and malware companies and spending a few hundred dollars: they found a bug but could not tell us or help us remove it. We ended up changing ports for RDP and doing a complete reinstall of the system and software.
Problem solved.

Thank you guys