Home Support

<  Back

AVG Network Inspector alert: Remote Desktop vulnerability found

This article explains how to resolve the issue if Network Inspector in AVG AntiVirus shows the following alert:

  • Remote Desktop vulnerability found

Description

Remote Desktop Protocol (RDP), commonly called Remote Desktop, allows you to connect to your PC from any location. If you see the alert above after running a Network Inspector scan in AVG AntiVirus, we have found that your PC's Remote Desktop settings are not secure. This is due to an exposed port forwarding rule on your router and disabled Network Level Authentication on your PC.

An attacker could connect to your PC and use known vulnerabilities in Microsoft's Remote Desktop Protocol to execute malicious code, or plant malware. An attacker may also attempt to access protected areas of your PC by repeatedly guessing the password (known as a brute-force attack).

Additionally, if port forwarding is enabled on your router, your PC may be exposed to the Internet, increasing the risk of remote access attempts.

Exposing Remote Desktop Protocol to the public Internet without Network Level Authentication is extremely risky. Even with Network Level Authentication enabled, this practice should be discouraged, as zero-day exploits can emerge unexpectedly.

Solution

Disable the port forwarding rule

To mitigate the risk, it is advisable to access your router's settings and delete or turn off the port forwarding rule that directs internet traffic to your PC. Select your router brand for detailed instructions:

ASUS

Due to the wide range of different router types offered by Asus, we can only provide general instructions for frequently used models. For detailed instructions, consult the documentation for your specific router model. For further assistance, contact ASUS directly.
  1. Enter your router’s IP address (usually 192.168.1.1 or 192.168.0.1) in your browser.
  2. Enter your router username and password. If you do not know your login credentials, contact the party who provided the router. This is normally your Internet Service Provider (ISP).
  3. Go to Advanced SettingsWANVirtual Server / Port Forwarding tab.
  4. Find the forwarding rule for port 3389 and untick or delete it.
  5. Save your changes.

Belkin

Due to the wide range of different router types offered by Belkin, we can only provide general instructions for frequently used models. For detailed instructions, consult the documentation for your specific router model. For further assistance, contact Belkin directly.
  1. Enter your router’s IP address (usually 192.168.1.1 or 192.168.0.1) in your browser.
  2. Enter your router username and password. If you do not know your login credentials, contact the party who provided the router. This is normally your Internet Service Provider (ISP).
  3. Go to ConfigurationSecurity.
  4. Go to Single Port Forwarding or Port Range Forwarding.
  5. Find the forwarding rule for port 3389 and untick or delete it.
  6. Save your changes.

Cisco

Due to the wide range of different router types offered by Cisco, we can only provide general instructions for frequently used models. For detailed instructions, consult the documentation for your specific router model. For further assistance, contact Cisco directly.
  1. Enter your router’s IP address (usually 192.168.1.1 or 192.168.0.1) in your browser.
  2. Enter your router username and password. If you do not know your login credentials, contact the party who provided the router. This is normally your Internet Service Provider (ISP).
  3. Go to Firewall Port Forwarding.
  4. Find the forwarding rule for port 3389 and untick or delete it.
  5. Save your changes.
Due to the wide range of different router types offered by D-Link, we can only provide general instructions for frequently used models. For detailed instructions, consult the documentation for your specific router model. For further assistance, contact D-Link directly.
  1. Enter your router’s IP address (usually 192.168.1.1 or 192.168.0.1) in your browser.
  2. Enter your router username and password. If you do not know your login credentials, contact the party who provided the router. This is normally your Internet Service Provider (ISP).
  3. Go to the Advanced tab and select Port Forwarding or Virtual Server.
  4. Find the forwarding rule for port 3389 and untick or delete it.
  5. Save your changes.

Huawei

Due to the wide range of different router types offered by Huawei, we can only provide general instructions for frequently used models. For detailed instructions, consult the documentation for your specific router model. For further assistance, contact Huawei directly.
  1. Enter your router’s IP address (usually 192.168.1.1 or 192.168.0.1) in your browser.
  2. Enter your router username and password. If you do not know your login credentials, contact the party who provided the router. This is normally your Internet Service Provider (ISP).
  3. Go to the Advanced Settings tab and select NAT or Port Forwarding.
  4. Find the forwarding rule for port 3389 and untick or delete it.
  5. Save your changes.

Linksys

Due to the wide range of different router types offered by Linksys, we can only provide general instructions for frequently used models. For detailed instructions, consult the documentation for your specific router model. For further assistance, contact Linksys directly.
  1. Enter your router’s IP address (usually 192.168.1.1 or 192.168.0.1) in your browser.
  2. Enter your router username and password. If you do not know your login credentials, contact the party who provided the router. This is normally your Internet Service Provider (ISP).
  3. Go to the Applications & GamingPort Range Forwarding.
  4. Find the forwarding rule for port 3389 and untick or delete it.
  5. Save your changes.

NETGEAR

Due to the wide range of different router types offered by NETGEAR, we can only provide general instructions for frequently used models. For detailed instructions, consult the documentation for your specific router model. For further assistance, contact NETGEAR directly.
  1. Enter your router’s IP address (usually 192.168.1.1 or 192.168.0.1) in your browser.
  2. Enter your router username and password. If you do not know your login credentials, contact the party who provided the router. This is normally your Internet Service Provider (ISP).
  3. Go to the AdvancedAdvanced SetupPort Forwarding/Port Triggering.
  4. Find the forwarding rule for port 3389 and untick or delete it.
  5. Save your changes.
Due to the wide range of different router types offered by TP-Link, we can only provide general instructions for frequently used models. For detailed instructions, consult the documentation for your specific router model. For further assistance, contact TP-Link directly.
  1. Enter your router’s IP address (usually 192.168.1.1 or 192.168.0.1) in your browser.
  2. Enter your router username and password. If you do not know your login credentials, contact the party who provided the router. This is normally your Internet Service Provider (ISP).
  3. Go to the ForwardingVirtual Servers or NAT Forwarding.
  4. Find the forwarding rule for port 3389 and untick or delete it.
  5. Save your changes.

TRENDnet

Due to the wide range of different router types offered by TRENDnet, we can only provide general instructions for frequently used models. For detailed instructions, consult the documentation for your specific router model. For further assistance, contact TRENDnet directly.
  1. Enter your router’s IP address (usually 192.168.1.1 or 192.168.0.1) in your browser.
  2. Enter your router username and password. If you do not know your login credentials, contact the party who provided the router. This is normally your Internet Service Provider (ISP).
  3. Go to the Advanced SetupPort Forwarding.
  4. Find the forwarding rule for port 3389 and untick or delete it.
  5. Save your changes.
 

Enable Network Level Authentication

While this action addresses the immediate threat, it does not completely resolve the issue. The Network Inspector will continue to issue warnings unless you also enable Network Level Authentication, as explained below. You can resolve this issue by enabling Network Level Authentication on your PC. This ensures that any connection attempts must be authenticated before they can establish a session with the server.

Follow the steps below to enable Network Level Authentication on your PC:

  1. Click the Windows Start button and select Settings (the gear icon).
  2. Select System in the left panel, then select the Remote Desktop tile.
  3. Click the arrow beside the Remote Desktop slider and tick the box next to Require devices to use Network Level Authentication to connect (Recommended).

The steps to enable Network Level Authentication vary according to your version of Windows 10. Follow the relevant steps below:

Later versions of Windows 10

  1. Click the Windows Start button and select Settings (the gear icon).
  2. Select the System tile.
  3. Click Remote Desktop in the left panel.
  4. Click Advanced settings.
  5. Tick the box next to Require computers to use Network Level Authentication to connect (recommended).

Network Level Authentication is now enabled, and your PC is protected against unwanted connections via Remote Desktop.

Earlier versions of Windows 10

  1. Click the Windows Start button, start typing control panel to open the search box, then select Control Panel from the search results.
  2. Next to View by, ensure you are using the Category view.
  3. Select the System and Security tile.
  4. Under System, select Allow remote access.
  5. Under Allow remote connections to this computer, ensure the box next to Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended) is ticked. Then click OK.

Network Level Authentication is now enabled, and your PC is protected against unwanted connections via Remote Desktop.

  1. On your keyboard, press the Win key and X key simultaneously, then select Control Panel from the menu that appears.
  2. Next to View by, ensure you are using the Category view.
  3. Select the System and Security tile.
  4. Under System, select Allow remote access.
  5. Under Allow remote connections to this computer, ensure the box next to Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended) is ticked. Then click OK.

Network Level Authentication is now enabled, and your PC is protected against unwanted connections via Remote Desktop.

  1. Click the Windows Start button and select Control Panel.
  2. Next to View by, ensure you are using the Category view.
  3. Select the System and Security tile.
  4. Under System, select Allow remote access.
  5. Ensure that Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure) is selected. Then click OK.

Network Level Authentication is now enabled, and your PC is protected against unwanted connections via Remote Desktop.

  • AVG Internet Security
  • AVG AntiVirus Free
  • Windows
Print
Email article

Was this article helpful?

Still looking for answers ?

Visit our AVG Support Community or contact us here:

Struggling with non-AVG technology? We can fix that, too!