I have a customer who runs ( No I didn't set it up ) Windows 7 / Thin stuff and RDP Guard
What is happening is Several Times a day RDP Guard shows multiple login (hundreds) Like Brute Force then RDP guard blocks IP addresses, Many of them being local machines that are not even turned on and at least several times a day it also blocks itself 127.0.0.1
I went last night to help him and scanned for viruses, Root kits, Malware, SFC, Baseline security scan, and Microsoft security scanner, all came up empty with no issues.
but the attacks continue. I have also checked the local machine for scripts etc.
ran port scans on the firewall found only 2 ports one going to a camera and one to RDP that points to the machine.
In addition I have been told from my friend that even if you remove the network cable RDP Guard and the Windows Resource Monitor still shows as if attacks are happening RDP guard continues blocking IP addresses, so this is why I have focused on the local machine as an issue or having some sort of bug.
Any suggestions of where I should look next