Is there an option to never unblock/unban an IP address? In other words to permanently block the IP addresses.
Thank you for your feedback, but this option was removed intentionally.
Permanent ban option was the reason for thousands of blocked IP
addresses, which may cause various problems, including system slowdown.
We believe that temporary block should be enough to stop brute-force
attacks or make them ineffective.
I installed it on a client version of Windows (Vista/7/8/8.1/10) and it doesn't detect anything.
I also don't see any events in the Security event log. How do i adjust audit policy settings?
, click All Programs
, and then click Accessories
Right-click Command prompt
, and then click Run as administrator
In command prompt window enter the following command and press Enter:
auditpol /set /subcategory:Logon /success:enable /failure:enable
Is there a way to unblock only one IP?
Does it continue to run when I'm logged out? Or does it need to run as a service?
RdpGuard works as a service, protection works even if nobody is logged
in. RdpGuard service is automatically installed during RdpGuard
installation. The service starts automatically during computer start
You can close the RdpGuard Dashboard and log off, RdpGuard service will continue in background.
Do you have to turn on the Windows Firewall on an RDP server for the
RDPGuard software to work? We generally do not have the Windows Firewall turned on.
Windows Firewall is not used at all. RdpGuard works with Windows Filtering Platform directly to block IP addresses.
How do i make RdpGuard listen on a port other than 3389?
RdpGuard works with custom RDP port without additional configuration.
It should detect the port automatically.
What is the difference in Blocking Methods? Does one have advantages over the other?
Default blocking method is Windows Filtering Platform and we recommend to use it when possible.
Other blocking methods are for backward compatibility only and are not recommended.
We are receiving many 4625 Event IDs in our Event Viewer.
We can not determine "Source Network Address" because it is blank in Windows Server 2008.
How do you detect IP addresses in those cases?
Yes, failed logon attempts via SSL(TLS) do not log attacker's IP
address on Windows Server 2008 and Window Server 2008 R2
In such a case RdpGuard uses alternate, socket-based, approach in
order to detect attacker's IP address.
In order to detect failed logon attempts via SSL(TSL) on Windows Server 2008
the following additional steps are required:
RdpGuard is running fine on our old XP/2003/2008 Server but some elements like images aren't displaying properly in RdpGuard Dashboard.
RdpGuard Dashboard is HTML based and uses the Internet Explorer engine in order to render
HTML. Please install the most recent version of Internet Explorer and corresponding updates.
Is the RdpGuard License perpetual?
This is one time fee and your License is lifetime. Each license
includes one year of free upgrades, support and access to IP Cloud and Geo IP services.
This means that you are eligible for free upgrades within one year from your purchase.
After the one year is over you may continue use your current version
as long as you wish, or you may purchase another year of upgrades for $49.95
I just installed RdpGuard, but it shows the Trial is expired.
Please make sure RdpGuard Service (rdpguard-svc.exe
allowed to contact activation server at rdpguard.com at port 443
This is required to obtain the trial.
Please open Windows Firewall and allow Internet access for RdpGuard
service process (C:\Program Files (x86)\RdpGuard\rdpguard-svc.exe)
If you are using 3-rd party Firewall, allow Internet access for RdpGuard
service as well.