Cybercriminals may try to gain remote access to your devices by submitting many passwords in hopes of guessing one correctly. This is also known as a brute force attack. Our Brute Force Protection (BFP) feature monitors Microsoft's Remote Desktop Protocol by protecting your devices from suspicious connections via remote devices. It temporarily blocks IP addresses with suspicious login attempts and notifies you of the blocks. You can also customize the criteria for a brute force attack using the additional settings.
Note: BFP is an opt-in feature and is available only for Malwarebytes for Windows and Malwarebytes for Teams users. Ensure that you update the app to the latest version to avail this feature. See System requirements for Malwarebytes for Windows to check if your device is compatible with the latest version.
Enable Brute Force Protection
To enable BFP:
- Open Malwarebytes for Windows
application from your desktop.
- Click the Settings
icon and select the Security tab.
- Switch on the toggle under the Brute Force Protection section.
Note: Turning on this feature does not enable the Remote Desktop Protocol if you have not enabled it in your Windows settings.
Advanced Settings
Once Brute Force protection is enabled, you can further customize the criteria for blocking the suspicious IP address:
- Click Advanced under Remote Desktop Protocol (RDP).
- Click the Edit
icon in the top right corner of the window that appears.
- We recommend to retain the existing value in the Port field. However, you can change the value based on your protocol requirements. You can also click Restore default to go back to the default value.
- Configure a Trigger rule depending on how many failed logins are attempted within a certain timeframe and how many minutes you want to block the IP address.
- Click Save.
Note: BFP will not block devices connected to your private network.
Return to Malwarebytes for Windows guide.