Brute Force Protection is a Malwarebytes Nebula policy feature that detects and blocks brute-force attacks on your Windows™ endpoints. When login attempts are made through Windows protocols, this feature counts unsuccessful login attempts within a specified period of time and temporarily blocks the incoming IP address by creating a Windows Firewall block rule.
The following protocols are supported for this feature:
- Workstations and servers:
- RDP: Monitors Windows workstations and servers RDP protocol.
- Servers only:
- FTP: Monitors FTP server application included with Windows servers.
- IMAP: Monitors IMAP connections on Microsoft Exchange servers.
- Microsoft SQL: Monitors connections on Microsoft SQL servers and SQL Server Express.
- POP3:Monitors POP3 connections on Microsoft Exchange servers.
- SMTP: Monitors SMTP connections on Microsoft Exchange servers.
In order to enable Brute Force Protection, you need the following:
- An active subscription to one of these products:
- Malwarebytes Endpoint Protection
- Malwarebytes Endpoint Protection for Servers
- Malwarebytes Endpoint Detection and Response
- Malwarebytes Endpoint Detection and Response for Servers
- Your endpoints must be running:
- Workstations: minimum version Windows 7
- Servers: minimum version Windows Server 2008 R2
- Windows Firewall
To configure Brute Force Protection, see Configure Brute Force Protection in Nebula.
Return to the Malwarebytes Nebula Administrator Guide.