Brute Force Protection is configured in the policy settings of your Malwarebytes Nebula console. Based on these configurations, the Malwarebytes Endpoint Agent monitors failed Remote Desktop Protocol (RDP) login attempts and creates a Windows™ Firewall rule to temporarily block the incoming IP address.
IMPORTANT: Enabling this feature may enable the Windows Firewall, depending on how attacks are handled in the Trigger rule:
- Block mode: Windows Firewall is automatically enabled; attacks are blocked and reported.
- Monitor and detect mode: Windows Firewall is not enabled; attacks are only reported.
To configure Brute Force Protection:
- Log in to Malwarebytes Nebula.
- In the left navigation pane, go to Settings > Policies.
- Select a policy.
- Select the Windows tab > Settings tab > scroll down to the Brute Force Protection section.
- Under Protected Protocols, switch on the RDP toggle.
- In the Port field, you may specify a port to monitor. If you don't know the port number across your protected endpoints, leave this field blank. When left blank, Malwarebytes monitors the port number already in use by the endpoint.
- Create a Trigger rule based on the number of failed remote login attempts within a certain minute range, which blocks the incoming IP address for a set number of minutes. In the dropdown menu, choose to either block the IP address, or monitor and detect the event.
- Optionally, switch the Prevent private network connections from being blocked toggle. When enabled, endpoints within private network address ranges will not trigger Brute Force Protection due to failed login attempts.
- Click Save at the top-right of your policy.
When your Brute Force Protection rule is triggered, the event is logged on your Detections page as a remote intrusion. If your rule is set to block, a Windows Firewall rule is created on the endpoint and the event displays on the Active Block Rules page. For more information, see Active Block Rules in Malwarebytes Nebula.
Return to the Malwarebytes Nebula platform Administrator Guide.