RDP Intrusion Detection

detection icon

Short bio

RDP Intrusion Detection is an alert created by the Brute Force Protection setting within Malwarebytes’ Nebula policy.

Malicious behavior

Repeated failed attempts may be an indication that someone is trying to get unauthorized access.


Malwarebytes blocks these repeated attempts to protect your access point against unauthorized access. More information about Brute Force Protection can be found in the KB article Configure Brute Force Protection in Malwarebytes Nebula.


With Brute Force Protection enabled, the default setting is “monitor mode” which will trigger a Remote Intrusion Detection when your Windows Remote Desktop (RDP) sees 5 failed attempts within 5 minutes from the same IP address. You can change these settings under Policies >Default Policy>OS>Settings>Brute Force Protection.

Brute Force Protection