RDP Intrusion Detection

Short bio

RDP Intrusion Detection is an alert created by the Brute Force Protection setting within Malwarebytes' Nebula policy.

Malicious behavior

Repeated failed attempts may be an indication that someone is trying to get unauthorized access.

Protection

Malwarebytes blocks these repeated attempts to protect your access point against unauthorized access. More information about Brute Force Protection can be found in the KB article Configure Brute Force Protection in Malwarebytes Nebula.

Configuration

With Brute Force Protection enabled, the default setting is "monitor mode" which will trigger a Remote Intrusion Detection when your Windows Remote Desktop (RDP) sees 5 failed attempts within 5 minutes from the same IP address. You can change these settings under Policies >Default Policy>OS>Settings>Brute Force Protection.

Brute Force Protection

 

Related blog content

How to protect your RDP access from ransomware attacks

Brute force attacks increase due to more open RDP ports

Select your language

New Buy Online Partner Icon Warning Icon Edge icon