Remote Access Shield - FAQs

What is Remote Desktop?

Remote Desktop Protocol (RDP), commonly called Remote Desktop, allows you to connect to a PC from any location. If your PC is unprotected, hackers can use this security vulnerability to gain unauthorized access to your PC.

How does Remote Access Shield protect my PC?

Remote Access Shield allows you to control which IP addresses can remotely access your PC, and blocks all other connection attempts. AVG has a frequently updated database of known attackers, internet probes, and scanners to ensure your protection from vulnerabilities. Remote Access Shield protects your PC by automatically blocking the following connections:

• Connections from known malicious IP addresses.
• Connections that attempt to exploit known vulnerabilities in Microsoft's Remote Desktop Protocol, such as BlueKeep.
• Brute-force attacks that repeatedly try to log in to your system with commonly used or stolen login credentials.

AVG alerts you each time Remote Access Shield blocks a connection.

How do I enable Remote Access Shield?

Remote Access Shield is enabled by default in the latest version of AVG Internet Security. To ensure that Remote Access Shield is enabled:

1. Open AVG Internet Security and go to Hacker Attacks.
2. Click the Open button above Remote Access Shield.
3. Ensure the slider at the top of the screen is green (ON). We recommend keeping Remote Access Shield enabled at all times.

How can I manage Remote Access Shield settings?

Remote Access Shield settings are configured by default to provide optimum protection. If you need to modify the default settings:

1. Open AVG Internet Security, and go to ☰ Menu ▸ Settings.
2. Select Full protection ▸ Remote Access Shield in the left panel.
3. Tick or untick the box next to the following settings:
   • Enable RDP protection
   • Enable Samba protection
   • Notify me about blocked connection attempts
   • Block brute-force attacks
   • Block malicious IP addresses
   • Block Remote Desktop exploits

You can additionally tick the box next to Block all connections except the following if you want Remote Access Shield to exclude trusted connections.

What is RDP protection?

Remote Desktop Protocol (RDP) allows a remote connection to access your PC. When RDP protection is enabled, Remote Access Shield monitors RDP connections to block any threats.

What is Samba protection?

Samba (SMB) allows a remote connection to share files in a network. When Samba protection is enabled, Remote Access Shield monitors SMB connections to block any threats.

How do I add trusted connections?

To add an IP address or IP range that is always allowed to connect remotely to your PC:

1. Open AVG Internet Security and go to ☰ Menu ▸ Settings.
2. Select Full protection ▸ Remote Access Shield in the left panel.
3. Tick the box next to Block all connections except the following.
4. Under Block all connections except the following, click Add.
5. Enter a trusted IP address or IP range, then click Allow. Added connections appear below the Add button.

Why am I receiving threat detection alerts?

You may receive alerts when Remote Access Shield automatically blocks the following:

• High-risk IP addresses: Malicious IP addresses that are dangerous to RDP connections.
• Brute-force attacks: Multiple unsuccessful log in attempts trying to access your PC.
• Remote Desktop exploits: RDP vulnerabilities used by hackers to take control of your PC and spread malware.
• False positives: A threat alert can be triggered when a device unsuccessfully tries to connect multiple times in a row. These could be legitimate connection attempts from a misconfigured device (for example, a device using the wrong credentials), or the device may be infected with malware and trying to access other devices in the network. Determine whether a blocked connection is a false positive in the following ways:
• If the IP address is inside your internal network, use AVG Network Inspector to find which device is triggering alerts. We recommend scanning the device with antivirus software.
• If the IP address is outside your internal network, check if it is a reported known attacker on https://www.abuseipdb.com/.

Where can I find information about connection attempts?

Open AVG Internet Security and go to Hacker Attacks, then click the Open button above Remote Access Shield. The main screen displays a list of all connection attempts, including the IP Address.

Internal network IP addresses usually have the following IP ranges:

• 10.0.0.0 – 10.255.255.255
• 172.16.0.0 – 172.31.255.255
• 192.168.0.0 – 192.168.255.255
• Begin with "fe80", for example fe80::1ff:fe23:4567:890a

How to determine which device is triggering alerts?

To find the IP address of each device on your network:

1. Open AVG Internet Security and go to Computer.
2. Click the Open button above Network Inspector.
3. Click Scan Network and select your network type.
4. After the scan, hover over a device panel and click Show details.
5. Under Technical information, the IP address is listed next to IP.
6. Compare the blocked IP address with the IP addresses of each device on your network.

If the alert is a false positive, we recommend keeping Remote Access Shield enabled, but you can disable notifications.

What can I do if Remote Access Shield shows too many notifications?

We recommend keeping Remote Access Shield enabled at all times, but you can disable alerts. Go to Settings ▸ Full protection ▸ Remote Access Shield, then untick the box next to Notify me about blocked connection attempts.

How can I prevent further remote access attacks?

To protect your PC from threats:

• Use strong passwords, including capital letters, numbers, special characters, and phrases.
• Only allow trusted IP addresses to connect to your PC, and block all other connections.