Yes, we provide a trial version. RdpGuard includes a fully functional
30-day free trial. Feel free to install it on your server to see how it works
for your use case.
Select Purchase Order as the payment method and follow the
on-screen instructions to generate the invoice.
The license will be sent automatically once the payment is received in full.
Is the RdpGuard license a one-time purchase or a subscription?
The RdpGuard license is a one-time purchase and is lifetime. Each license includes one
year of maintenance, which covers free upgrades, support, and access to
IP Cloud and
Geo-IP services.
After the first year, you may continue using your current version indefinitely.
All brute-force attacks on the machine will still be detected and blocked,
but you will no longer receive updates from
IP Cloud and
Geo-IP services
If you wish to continue receiving updates and support beyond the first year,
you can purchase an additional year of maintenance for $49.95.
Attach your wire transfer confirmation or transfer advice so the e-commerce team can
locate the payment and process your order.
We apologize for any inconvenience.
How do I activate my license key?
Please follow the steps below to activate your license key:
Start RdpGuard Dashboard
Click Help, then Product Activation
Enter your license key into the corresponding text box
Click Activate
How do I activate the license offline?
Please follow the steps below to perform offline activation:
Click Help, then Product Activation
Double-click on the key icon
The Offline Activation window will open
Follow the on-screen instructions to generate an activation request
How do I transfer my license to another PC?
Please follow the steps below to transfer your license to another PC:
Click Help, then Product Activation on the first PC.
Click Deactivate Pro license on this computer.
Activate your license on the new PC.
If you need us to recover the key associated with the old machine, please open
Help, then Product Activation on the old PC and provide us with the Hardware ID.
Is RdpGuard licensed per machine or per user?
RdpGuard is licensed per machine. You need to obtain a license for each PC.
We offer volume discounts for multi-license orders. You can find more details on the following page:
https://rdpguard.com/purchase.aspx.
I just installed RdpGuard, but it says the trial is expired.
Please make sure that the RdpGuard service (rdpguard-svc.exe) is allowed
to contact the activation server at rdpguard.com on port 443.
This is required to activate the trial.
To allow Internet access for the RdpGuard service:
Open Windows Firewall and allow Internet access for
C:\Program Files (x86)\RdpGuard\rdpguard-svc.exe.
If you are using a third-party firewall, ensure that the RdpGuard service is allowed Internet access as well.
How does the maintenance upgrade work, and can it be adjusted if I renew early?
Please note that by default, the maintenance period starts from the purchase date.
If you would like to purchase it before the expiration of your existing maintenance,
please contact us once you complete your order, and we will adjust the dates accordingly.
Can I purchase RdpGuard for reselling or on behalf of a customer?
Feel free to purchase the required number of RdpGuard
licenses for reselling or on behalf of your customer.
You may specify your contact details during the purchase, as the license is not bound to the purchaser.
The license is delivered immediately to the e-mail you specify during the purchase.
Do you have a reseller in my country?
We sell our products through FastSpring, the official reseller of RdpGuard software worldwide.
FastSpring operates in all countries, supports multiple local payment methods,
and provides all necessary documents and invoices for your purchase.
I downloaded the installer and double-clicked it, but nothing happens.
Windows Server has various security restrictions that may prevent downloaded files from executing.
One such feature can lock files, making them unresponsive when opened.
If you downloaded the RdpGuard installer but it doesn't start when double-clicked,
it is likely blocked by the system. To resolve this, follow these steps:
Right-click the installer file.
Select Properties.
Go to the General tab.
At the bottom, look for a security warning that says the file is blocked.
Check the Unblock checkbox and click Apply.
Once the file is unblocked, you should be able to install RdpGuard without issues.
What should I do if the RdpGuard service does not start on system startup?
You may try the following steps:
Open Control Panel, Administrative Tools, Services.
Find RdpGuardService, right-click it, and select Properties.
Set the Startup type to Automatic (Delayed Start).
This should help if the RdpGuard service does not start during system startup.
How can I automate the RdpGuard service check and restart if it's not running?
You can automate the RdpGuard service check and restart using a batch file executed by Windows Task Scheduler
every 5 minutes or so. Use the following script:
@echo off
Rem Look for the RdpGuard service in the list of started services
net start | find /i "RdpGuard"
Rem if not found, start it
if "%%errorlevel%%"=="1" (
net start "RdpGuardService"
)
I enabled Geo-IP, but I still see failed login attempts from blocked countries.
Please ensure that the Test Mode
option is turned off. In RdpGuard versions prior to 9.9.7, this option was named "Dry run".
This feature is designed for safe configuration testing, ensuring that any potential access control errors
can be rectified by simply restarting the server, thereby restoring remote access for recovery purposes.
Why do I see failed login attempts from local IP addresses?
These local IP addresses are recorded in your system event logs.
If you check the Security event log, you may find corresponding 4625 events with these addresses.
Please review the event details for troubleshooting.
This event is generated for failed login attempts, including:
Failed RDP connections
Unsuccessful access to network shares or printers
Failed authentication attempts by local processes, such as:
Processes requiring user elevation
Scheduled tasks running under specific accounts
Services attempting to start with incorrect credentials
The exact reason depends on your system configuration. In most cases, these messages can be safely ignored unless they indicate an actual security concern.
I configured RdpGuard to block after 3 failed attempts, but it allows more.
This issue occurs because many servers do not update the event log in real time,
often for performance reasons. RdpGuard polls the logs every second to detect failed attempts.
If an attacker is generating failed login attempts at a high rate, they may be able to exceed
the configured limit before RdpGuard detects and processes the events. Unfortunately,
this delay is due to how event logs are updated by the server software.
Why does RdpGuard detect failed login attempts when using the Mac RDP client?
This is a known issue with the Mac RDP client. It appears to perform a
"test" connection attempt before the user enters the password,
which results in a failed login attempt on the server.
Unfortunately, there is no way to distinguish these attempts from actual
brute-force attacks, so there is currently no workaround.
You may consider the following options:
Whitelist the client's address in Tools, Whitelist.
Increase the number of allowed failed login attempts in Tools, Options, General.
Why do I see failed login attempts from a local network (gateway) IP address?
The most common reason for seeing a local network (gateway) address in 4625 events
is that the router, firewall, or gateway is masking the real IP addresses of incoming connections.
Unfortunately, this behavior is controlled by the network device, and there is nothing RdpGuard can change on its side.
You may be able to adjust this behavior in your router/firewall/gateway settings.
We recommend checking the NAT configuration and consulting the device manufacturer or network administrator for more details.
Based on customer feedback, this issue can often be resolved by configuring proper NAT settings
on the router/firewall/gateway to preserve the original source IP.
I installed RdpGuard, but no IP addresses are being blocked.
There are a few possible reasons why no IP addresses are being blocked:
Your system is not under attack.
Check the Security event log and the CoreTS log in Event Viewer: Event Viewer, Applications and Services Logs, Microsoft, Windows, RemoteDesktopServices-RdpCoreTS, Operational.
If there are no corresponding events, then no failed login attempts have occurred.
Proactive protection by IP Cloud.
With an active RdpGuard license, all suspicious addresses may have already been blocked
by the IP Cloud before they even had a chance to attempt a login.
Why do I see the error "Failed to start RD-WEB engine <..> unable to find RDWebAccess website"?
This error indicates that RDP access via a web browser (RD Web Access) is not configured on your server.
RD Web Access is different from standard RDP and is usually disabled on servers by default.
If you are not accessing your server desktop via a web browser, you do not need to enable
the RD-Web Access detection engine.
Why do I see more failed login attempts for RD-WEB than the configured limit?
Yes, it is possible to see more failed login attempts for RD-WEB than the configured limit,
but the offending IP address is still blocked.
This is a known issue with RD-WEB.
The problem is that IIS does not update logs in real time, likely for performance reasons,
and RdpGuard polls the logs every second for efficiency.
When an attack occurs at a high rate, an attacker may be able to perform more login attempts
than the configured limit before RdpGuard detects them.
Unfortunately, the only real solution would be for Microsoft to update IIS logs more frequently
or include the source IP address in 4625 system event log entries for IIS authentication failures.
However, RdpGuard is still effectively mitigating brute-force attacks.
Instead of attackers brute-forcing your RD-WEB access for days and making
tens of thousands of attempts, they are now limited to only a few dozen.
Is there an option to permanently block an IP address?
Thank you for your feedback, but this option was intentionally removed.
The permanent ban option led to thousands of blocked IP addresses,
which could cause various issues, including system slowdowns.
We believe that a temporary block is sufficient to stop brute-force
attacks or render them ineffective.
The maximum ban period is 8,760 hours (365 days), which should be
sufficient to mitigate brute-force attacks. You can configure this setting in:
Tools, Options, General.
You can find the log files in the following location:
%ProgramData%\RdpGuard\Logs
Note:%ProgramData% is a hidden folder.
You can access it by pasting the path into the Windows Explorer address bar or the Win + R dialog.
Does RdpGuard protect OWA and ActiveSync?
Yes, OWA and ActiveSync protocols are covered by RDP protection.
Both OWA and ActiveSync generate the same 4625 events as RDP,
so enabling RDP protection in RdpGuard will also monitor and block
failed login attempts for these protocols.
RdpGuard includes a fully functional 30-day free trial. Feel free
to install it on your server to test how it works for your use case.
Does RdpGuard support RD Gateway or Connection Broker setups?
Unfortunately, RD Gateway and Connection Broker setups are not supported at this time.
However, we appreciate your suggestion and will consider this feature for future versions.
RdpGuard is designed for single servers that are directly exposed to the Internet.
When installed on an RD Gateway, RdpGuard will only protect the server itself and
not the hosts whose connections pass through it.
With IP Cloud, you can block many active IP addresses currently used for brute-force
attacks worldwide.
Can I transfer RdpGuard settings to a new machine?
Yes, you can transfer RdpGuard settings by copying the configuration files from:
%ProgramData%\RdpGuard
Note: The %ProgramData% folder is hidden. You can access it by pasting the path
into the Windows Explorer address bar or the Win + R dialog.
Before copying the files to the new machine, stop the RdpGuard service.
After copying the files, restart the RdpGuard service on the new machine.
We are receiving many 4625 Event IDs in Event Viewer, but the 'Source Network Address' is blank on Windows Server 2008. How does RdpGuard detect IPs in this case?
Failed logon attempts over SSL/TLS do not log the attacker's IP address
in Windows Server 2008 and Windows Server 2008 R2.
In such cases, RdpGuard uses an alternative, socket-based approach
to detect the attacker's IP address.
To enable failed logon detection over SSL/TLS on Windows Server 2008, follow these steps:
"This sotware is really great. It's a relief. Because my server is constantly under attack. Thanks RdpGuard"
- Joaquim De Sousa Marques
"Nice product. I used to implement something similiar in a low-tech and cumbersome manner via a script called
TSBlock (not mine). This makes it much easier and is well worth the pricetag for SMB's."
- J. Johnson
"Absolutely amazed at your product. We are a church in the North Dallas area,
and I discovered this morning multiple failed logon attempts via our Remote Access Server.
A friend suggested your product, so I immediately downloaded the trial.
It had a list of about five blocked IP addresses in minutes, and that was enough to
lead me to push the BUY button. Over the past 10-15 minutes the list is now about thirty with at least a
third being international attempts to break into our system.
Thanks for a great product. You may have just saved us much grief."
- John Hallford
"Love the software. RDP on our Windows servers is just ridiculous.
We would block it in the router but we have lots of old-time customers that would have issues."
- Scott Hirsch
"Love the software! Makes it easier than tailoring VB Scripts!!"
- Nick Brennan
"It's a great product - really stopping those RDP attackers :-)"
- Dave, UK
"First of all: Your application is very (!!!) useful and I like it very much securing my 2012 R2 server.
RdpGuard is the best solution, I found on the market and after 10 minutes of testing it I ordered the fully-featured version. :-)"
- Carsten Baltes
