SMB:BruteForce from a MacBook Pro

Are there any updates to this? I'm troubleshooting the same problem and would like to know how this turned out.

Thank you for clarifying, Eric. We'd like to offer our additional support to sort this in a timely manner. In order to do so, we request you to write back to us in your own post. Thank you for your understanding in advance!

Hello Ian,

We'll certainly look into this and help you.
Please share with us the screenshot of the threat message you received from AVG, so that we can check and assist you further.
You can post the screenshot here in your topic. Click on Answer, then click on the Image [mountain symbol] and follow the instructions.
Note: Kindly click on "See Details" on the threat message and then share the screenshot with us.
Thanks in advance. Keep us updated.

I run a home network which is mainly PCs, our Sky system and our SONOS. My daughter had a MacBook Air which she has just upgraded to a MacBook Pro. She just connects to our router for internet access.
Since she started using her new machine I have had reports from AVG of an SMB:BruteForce attack on my main PC.
Does anyone have any clues about what is going on?

Thanks,
Ian.

I just started getting the exact same thing on my Windows machine starting a few days ago (late October). Screenshot is below; the IP address matches my Mac (Catalina, 10.15.7), with no apps visibly running, and AVG for Mac installed. I've run a deep scan on the Mac, with nothing found.

I can't find any logs on my Windows box that would help to troubleshoot - e.g., is this in fact port 3389, or one of the alternate RDP ports? What username/password is being tried? When was the event detected? How frequently was it?

Any ideas for how to track this down would be greatly appreciated.

User-added image


What was the final solution to this?


Here is the screenshot; the IP address matches my Mac:
RDP attempt on windows pc

Hello Eric,

We'll certainly check & clarify this for you.
Remote Access Shield allows you to control which IP addresses are allowed to connect remotely to your PC, and blocks all unauthorized connection attempts.

By default, Remote Access Shield blocks the following connections:

  • Connections from high-risk IP addresses.
  • Connections that attempt to use known vulnerabilities in Microsoft's Remote Desktop Protocol, such as BlueKeep.
  • Brute-force attacks that work by repeatedly trying to log in to your system with commonly used or stolen login credentials.

Please let us know if you've allowed any remote connections to your Windows computer in the near past.
Also, do you recognize/trust the IP address mentioned in the threat message?
Upon your response, we'll forward your concerns to our higher level support for further clarification.
Thank you for understanding. Keep us updated.

Yes, that IP is from my Mac. So I completely recognize it. I'm just concerned because I don't know why my Mac is probing my Windows machine's RDP. And I can't diagnose it because I can't view the specific port or the specific username/email being used.

I actually have tried allowing RDP to my Windows machine but haven't yet done so successfully (and haven't spent the time to debug it). But that's for explicit connections - via the Microsoft RDP app - from the Mac. I'm getting this message multiple times a day without having done anything on my Mac, and that makes me worried, which is why I haven't ignored the message or checked "Don't show this again".

But the bigger concern: if this is some malware on my Mac, why hasn't AVG caught it there, since I am running AVG on my Mac?
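
One way to get at the questions raised in this thread (which account is being tried, when, and how often), as an added example that is not part of the original posts or AVG's own tooling: query the Windows Security log for failed logons coming from the Mac's address. It assumes logon failure auditing is enabled on the Windows PC; the IP address shown is a constructed placeholder.

```powershell
# Run in an elevated PowerShell prompt on the Windows PC.
# Assumption: "Audit Logon" failure auditing is enabled, so failed logons are
# recorded in the Security log as event ID 4625.
$SourceIp = '192.0.2.10'              # constructed placeholder: use the IP from the AVG alert
$Since    = (Get-Date).AddDays(-7)    # look back one week

$filter = @{ LogName = 'Security'; Id = 4625; StartTime = $Since }
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

$failed = foreach ($e in $events) {
    # Turn the event's <EventData> name/value pairs into a lookup table
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    if ($data['IpAddress'] -ne $SourceIp) { continue }

    [pscustomobject]@{
        Time        = $e.TimeCreated
        User        = $data['TargetUserName']
        Domain      = $data['TargetDomainName']
        LogonType   = $data['LogonType']        # 3 = Network, 10 = RemoteInteractive
        Workstation = $data['WorkstationName']  # name the client reported for itself
        Process     = $data['LogonProcessName']
        Status      = $data['Status']
        SubStatus   = $data['SubStatus']
    }
}

# When: every recorded attempt in time order
$failed | Sort-Object Time | Format-Table -AutoSize

# Which accounts: attempts grouped by user name and logon type
$failed | Group-Object User, LogonType |
    Sort-Object Count -Descending | Select-Object Count, Name

# How often: attempts per hour
$failed | Group-Object { $_.Time.ToString('yyyy-MM-dd HH:00') } |
    Select-Object Name, Count
```

An empty result means no failed logons from that address were recorded in the chosen window. Event 4625 does not record the destination port, so the logon type and logon process are the closest hints to which service was contacted.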