Has this been resolved? Others could use the information. This is also happening to me.
Was there a solution to this problem? I'm experiencing the same problem.
Hello Bobby,
We request you to create a separate AVG community post by clicking the link below and post your questions in your own post, so we will certainly check and help you with additional support.
https://support.avg.com/support_ask
Thank you for your understanding.
I just started getting this on my Windows machine starting a few days ago (late October). Screenshot is below; the IP address matches my Mac (Catalina, 10.15.7), with no apps visibly running, and AVG for Mac installed. I've run a deep scan on the Mac, with nothing found.
I can't find any logs on my Windows box that would help to troubleshoot - e.g., is this in fact port 3389, or one of the alternate RDP ports? What username/password is being tried? When was the event detected? How frequently was it?
That IP is from my Mac. So I completely recognize it. I'm just concerned because I don't know why my Mac is probing my Windows machine's RDP. And I can't diagnose it because I can't view the specific port or the specific username/email being used.
I actually have tried allowing RDP to my Windows machine but haven't yet done so successfully (and haven't spent the time to debug it). But that's for explicit connections - via the Microsoft RDP app - from the Mac. I'm getting this message multiple times a day without having done anything on my Mac, and that makes me worried, which is why I haven't ignored the message or checked "Don't show this again".
But the bigger concern: if this is some malware on my Mac, why hasn't AVG caught it there, since I am running AVG on my Mac?
I've actually got some new information: I just fired up Windows on my Mac (via Parallels) and wanted to pull a file from my PC. When I try to view a file share on my PC, though, the above screen pops up, incorrectly interpreting the attempt to share a file as an RDP attempt.
From Windows on my Mac, if I go into a command prompt and type "net view berman05" (my PC's name), it says "The network path was not found." If I disable AVG on my PC, then the net view command works great.
So it appears this false positive may be from confusing file sharing with remote desktop??? I'm on an intranet, I do share files, that's legitimate.
So what settings should I have so that I can get to \\berman05\fileshare\xxx from other PCs in the house that are on the same intranet?
Hello Scott.
Remote Access Shield allows you to control which IP addresses are allowed to connect remotely to your PC, and blocks all unauthorized connection attempts.
When one or more devices are connected in the same network and exchange files or folders between them, this might trigger Remote Access Shield to block that access attempt.
So if the IP address that has been blocked is of a known device, you can allow it, or you can be assured since Remote Access Shield has blocked the connection.
Thanks for this post Eric. The same is happening to me as well. Relieved to hear it is most likely a FP but a little disappointed by the support. I guess I won't be renewing my trial after it expires.
Hey Guys,
I found the bug…
My Issues:
AVG Internet Security blocking allowed, legit LAN connections in remote access shield
Flagged as - SMB: Brute Force Attempt
Disable "Enable Samba protection" in Remote Access Shield to Fix it, it's classifying SMB as Samba…
Let's get on the ball AVG, this is an unacceptable bug…Love Ya… :-/
Hello Eric. Thank you very much for taking the time to communicate with AVG and I apologize for the delayed response. My name is Shawn and I am writing to you on behalf of the AVG Senior Support team.
Generally speaking, brute-force attacks are tricky to diagnose. AVG detects and blocks brute-force attacks by counting the unsuccessful login attempts within a specified period of time and blocks the IP address associated with these failed attempts. If there was a brute-force attack coming from your IP, the said IP is on the blacklist for 24 hours from when the attack occurred. Regrettably, putting the IP on the allowed list does not beat the blacklist.
Yes, still happening after reboot of both machines. Super frustrating too, since the pop-up steals focus from whatever I'm doing. I went into keychain on my Mac to remove all SMB passwords; none were for my PC, but I removed the others anyhow. I'd love to get some logs - I could probably figure out a bunch if I knew simple things like just what share it's trying to connect to, or what username it's using. But I can't find any diagnostic information. Why isn't that exposed for me to self-diagnose?
Any update? This is still happening frequently.
Thanks. The Mac wasn't being used at the time of the alert and the user account on the mac has no administrative rights. From what I can tell, these machines are not sharing files. It sounds like with both of these devices on a home network, this may be a false positive?
From your messages, we see that the IP address is your Mac's. In this regard, you can add the IP address to exclude it.
To do so: Open AVG Internet Security - Menu - Settings - Full protection - Remote access shield - Click on Add below 'Block all connections except' & add the IP address of your network computer.
Please try the above step & let us know if it helps.
As a troubleshooting step, I suggest checking your login credentials, ensuring a strong password, rebooting both computers, and checking if the disruption persists. If the disruption continues, write back and let us know, and we will provide instructions to collect SysInfo logs for our Threat Lab team to further analyze.
Thank you for your time and effort. Good luck. Let us know how this works for you. Regards, Shawn
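The counting scheme the support reply describes (failed logins counted within a time window, then a 24-hour block that the allowed list does not override), as an added Python sketch that is not AVG's code and not part of the thread. The window length, the failure threshold, counting failures from allowed addresses, and the sample events are assumptions; only the 24-hour block, the block-before-allow order and the "Block all connections except" list come from the replies.

```python
from collections import defaultdict, deque

WINDOW_S = 60          # assumed counting window; the real value is not on the page
MAX_FAILURES = 5       # assumed threshold; the real value is not on the page
BLOCK_S = 24 * 3600    # 24-hour block, as stated in the support reply


class FailedLoginShield:
    """Toy model of window-based brute-force blocking (not AVG's code)."""

    def __init__(self, allowed=()):
        self.allowed = set(allowed)          # "Block all connections except" list
        self.failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self.blocked_until = {}              # ip -> time at which the block expires

    def decide(self, ts, ip, login_ok):
        """Return 'block', 'allow' or 'fail' for one connection attempt."""
        # The block list is consulted first, so the allowed list cannot override it.
        if self.blocked_until.get(ip, 0) > ts:
            return "block"
        if self.allowed and ip not in self.allowed:
            return "block"
        if login_ok:
            return "allow"
        recent = self.failures[ip]           # assumption: allowed IPs are counted too
        recent.append(ts)
        while recent and recent[0] <= ts - WINDOW_S:
            recent.popleft()                 # drop failures that left the window
        if len(recent) >= MAX_FAILURES:
            self.blocked_until[ip] = ts + BLOCK_S
            recent.clear()
            return "block"
        return "fail"


def replay(events, allowed=()):
    """Feed (timestamp, ip, login_ok) tuples through a fresh shield."""
    shield = FailedLoginShield(allowed)
    return [shield.decide(*event) for event in events]


# Constructed sample: a LAN client retries an SMB logon with a stale saved
# password every 10 s, then presents correct credentials 1 h and 24 h later.
MAC = "192.168.1.20"
EVENTS = [(t, MAC, False) for t in range(0, 50, 10)]
EVENTS += [(3600, MAC, True), (BLOCK_S + 41, MAC, True)]

if __name__ == "__main__":
    for event, verdict in zip(EVENTS, replay(EVENTS, allowed=[MAC])):
        print(event, "->", verdict)
```

In this model a known device with an outdated saved credential is indistinguishable from a password-guessing client, and a correct login an hour later is still refused until the block expires.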
Thanks. Still happening sporadically. I'm assuming it is indeed a false positive, but uncomfortable disabling RDP protection in case it isn't…