What is Remote Desktop?

Remote Desktop Protocol (RDP), commonly called Remote Desktop, allows you to connect to a PC from any location. If unprotected, hackers can use this security vulnerability to gain unwanted access to your PC.

How does Remote Access Shield help protect my PC?

Remote Access Shield helps you control which IP addresses can remotely access your PC and helps block all other connection attempts. Avast has a frequently updated database of known attackers, internet probes, and scanners to improve your protection from vulnerabilities. Remote Access Shield helps secure your PC by automatically blocking the following connections:

• Connections from known malicious IP addresses.
• Connections that attempt to exploit known vulnerabilities in Microsoft's Remote Desktop Protocol, such as BlueKeep.
• Brute-force attacks that repeatedly try to log in to your system with commonly used or stolen login credentials.

Avast alerts you each time Remote Access Shield blocks a connection.

How do I enable Remote Access Shield?

Remote Access Shield is a paid feature, and it is enabled by default in the latest version of Avast One. To ensure that Remote Access Shield is enabled:

1. Open Avast One and go to Explore ▸ Remote Access Shield ▸ Open Remote Access Shield.
2. Ensure the slider at the top is green (ON). We recommend keeping Remote Access Shield enabled at all times.

How can I manage Remote Access Shield's settings?

Remote Access Shield settings are configured by default to provide optimum protection. If you need to modify the default settings:

1. Open Avast One, and go to Explore ▸ Remote Access Shield ▸ Open Remote Access Shield.
2. Click the Settings tab.
3. Tick or untick the box next to the following features:
   • Enable RDP protection
   • Enable Samba protection
   • Send me notifications
   • Block brute-force attacks
   • Block malicious IP addresses
   • Block Remote Desktop exploits

You can additionally tick the box next to Allow only trusted connections if you want Remote Access Shield to block everything except trusted connections.

What is RDP protection?

Remote Desktop Protocol (RDP) allows a remote connection to access your PC. When RDP protection is enabled, Remote Access Shield monitors RDP connections to help block threats.

What is Samba protection?

Samba (SMB) allows a remote connection to share files in a network. When Samba protection is enabled, Remote Access Shield monitors SMB connections to help block threats.

How do I add trusted connections?

Remote Access Shield allows you to make a list of trusted connections. Trusted connections are allowed to connect while the Block all connections except the following option is enabled, provided they are safe, but they are not excluded from Remote Access Shield scanning. To block everything except trusted connections:

1. Open Avast One and go to Explore ▸ Remote Access Shield ▸ Open Remote Access Shield.
2. Click the Settings tab.
3. Tick the box next to Allow only trusted connections.
4. Click the Allowed IP addresses tab.
5. Click Add IP address.
6. Enter a trusted IP address or IP range, then click Add. Added connections are listed under Incoming connections from these addresses won't be blocked.

Why am I receiving threat detection alerts?

You may receive alerts when Remote Access Shield automatically blocks the following:

• High-risk IP addresses: Malicious IP addresses that are dangerous to RDP connections.
• Brute-force attacks: Multiple unsuccessful log in attempts trying to access your PC.
• Remote Desktop exploits: RDP vulnerabilities used by hackers to take control of your PC and spread malware.
• False positives: A threat alert can be triggered when a device unsuccessfully tries to connect multiple times in a row. These could be legitimate connection attempts from a misconfigured device (for example, a device using the wrong credentials), or the device may be infected with malware and trying to access other devices in the network.
  
  Determine whether a blocked connection is a false positive in the following ways:
  • If the IP address is inside your internal network, use Network Inspector to find which device is triggering alerts. We recommend scanning the device with antivirus software.
  • If the IP address is outside your internal network, check if it is a reported known attacker on https://www.abuseipdb.com/.

Where can I find information about connection attempts?

Open Avast One and go to Explore ▸ Remote Access Shield ▸ Open Remote Access Shield. Ensure that the Connection attempts tab is selected. The tab displays a list of all connection attempts, including the IP Address.

Internal network IP addresses usually have the following IP ranges:

• 10.0.0.0 – 10.255.255.255
• 172.16.0.0 – 172.31.255.255
• 192.168.0.0 – 192.168.255.255
• Beginning with "fe80", for example fe80::1ff:fe23:4567:890a

How to determine which device is triggering alerts?

To find the IP address of each device on your network:

1. Open Avast One and go to Explore ▸ Network Inspector ▸ Open Network Inspector.
2. Click Scan network.
3. After the scan, click Scan all devices.
4. Compare the blocked IP address with the IP addresses of each device on your network.

If the alert is a false positive, we recommend keeping Remote Access Shield enabled, but you can disable notifications.

What can I do if Remote Access Shield shows too many notifications?

We recommend keeping Remote Access Shield enabled at all times, but you can disable alerts. Go to Account ▸ Settings, then ensure that General tab is selected. Scroll down to Pop-up notifications treatment and click the button to select either Silent Mode + Threat alerts or Silent Mode.

How can I prevent further remote access attacks?

To protect your PC from threats:

• Use strong passwords, including capital letters, numbers, special characters, and phrases.
• Only allow trusted IP addresses to connect to your PC, and block all other connections.