Tarris89
asked on
Several times a day RDP Guard shows multiple logins (hundreds), like brute force
I have a customer who runs (no, I didn't set it up) Windows 7 / Thin stuff and RDP Guard.
What is happening is that several times a day RDP Guard shows multiple logins (hundreds), like brute force, then RDP Guard blocks IP addresses, many of them being local machines that are not even turned on, and at least several times a day it also blocks itself, 127.0.0.1.
I went last night to help him and scanned for viruses, rootkits, malware, SFC, Baseline security scan, and Microsoft security scanner; all came up empty with no issues.
But the attacks continue. I have also checked the local machine for scripts etc.
Ran port scans on the firewall and found only 2 ports, one going to a camera and one to RDP that points to the machine.
In addition, I have been told by my friend that even if you remove the network cable, RDP Guard and the Windows Resource Monitor still show as if attacks are happening and RDP Guard continues blocking IP addresses, so this is why I have focused on the local machine as an issue or having some sort of bug.
Any suggestions of where I should look next?
ASKER
Although the above solutions did help, the final answer: after spending time with some antivirus and malware companies and spending a few hundred dollars, they found a bug but could not tell us or help us remove it. We ended up changing ports for RDP and doing a complete reinstall of the system and software.
Problem solved.
Thank you guys
ASKER
I will keep checking. Also tried to remove RDP Guard and do a fresh install of it, but that didn't help.