Is there an option to never unblock/unban an IP address? In other words to permanently block the IP addresses.
Thank you for your feedback, but this option was removed intentionally.
Permanent ban option was the reason for thousands of blocked IP
addresses, which may cause various problems, including system slowdown.
We believe that temporary block should be enough to stop brute-force
attacks or make them ineffective.
I installed it on a client version of Windows (Vista/7/8/8.1/10) and it doesn't detect anything.
I also don't see any events in the Security event log. How do i adjust audit policy settings?
, click All Programs
, and then click Accessories
Right-click Command prompt
, and then click Run as administrator
In command prompt window enter the following command and press Enter:
auditpol /set /subcategory:Logon /success:enable /failure:enable
Is there a way to unblock only one IP?
Does it continue to run when I'm logged out? Or does it need to run as a service?
RdpGuard works as a service, protection works even if nobody is logged
in. RdpGuard service is automatically installed during RdpGuard
installation. The service starts automatically during computer start
You can close the RdpGuard Dashboard and log off, RdpGuard service will continue in background.
Eventhough I see an IP address in the Blocked IPs list and I also
see it as an inbound firewall rule, I am still seeing failed
attempts from those 'blocked' IP addresses.
It might be the Windows Firewall misconfiguration, or, probably it is not
enabled for all network profiles.
Please check Windows Firewall settings or change blocking method to IP
Security Policies in Tools, Options, General
Do you have to turn on the Windows Firewall on an RDP server for the
RDPGuard software to work? We generally do not have the firewall turned on.
RdpGuard may work without Windows Firewall.
You will need to open Tools, Options, General and change blocking
method from Windows Firewall to IP Security Policy.
How do i make RdpGuard listen on a port other than 3389?
RdpGuard works with custom RDP port without additional configuration.
It should detect the port automatically.
What is the difference in Blocking Methods? Does one have advantages over the other?
Default blocking method is Windows Firewall and we recommend to use it when possible.
But sometimes Windows Firewall is turned off, for example when 3-rd
party firewall is installed. In such a case, we offer alternate
blocking method - IP Security Policies.
Both blocking methods are equally effective.
We are receiving many 4625 Event IDs in our Event Viewer.
We can not determine "Source Network Address" because it is blank in Windows Server 2008.
How do you add the IP blocks to the Firewall in those cases.
Yes, failed logon attempts via SSL(TLS) do not log attacker's ip
address on Windows Server 2008 and Window Server 2008 R2
In such a case RdpGuard uses alternate, socket-based, approach in
order to detect attacker's IP address.
In order to detect failed logon attempts via SSL(TSL) on Windows Server 2008
the following additional steps are required:
Install WinPcap from https://www.winpcap.org/install/default.htm
Restart RdpGuard Service via 'Tools, RdpGuard Service, Restart'
Open Rdp Settings and change monitoring method to WinPcap
RdpGuard is running fine on our old XP/2003/2008 Server but some elements like images aren't displaying properly in RdpGuard Dashboard.
The GUI is HTML-based and uses the part of Internet Explorer in order to render
HTML. Please try to install the latest version of Internet
Explorer and/or corresponding updates.
Is the RdpGuard License perpetual?
This is one time fee and your License is lifetime. Each license
includes one year of free upgrades and support. This means that you
are eligible for free upgrades within one year from your purchase.
After the one year is over you may continue use your current version
as long as you wish, or you may purchase another year of upgrades
(about 50% from the original price)
I just installed RdpGuard, but it shows the Trial is expired.
Please make sure RdpGuard Service (rdpguard-svc.exe
allowed to contact activation server at rdpguard.com:443
This is required to obtain the trial.
Try to open Windows Firewall and allow Internet access for RdpGuard
service process (C:\Program Files (x86)\RdpGuard\rdpguard-svc.exe)
If you are using 3-rd party Firewall, allow Internet access for RdpGuard
service as well.