Home Support

AVG Support Community

Share tips and solutions on AVG Products

Have a question?

Community topics

AVG Gurus

These community experts are here to help

  • (AB) Alan Binch
  • (BA) Borislav Angelov
  • (VB) Vladimir Bartl
  • (SK) Subhadeep Kanungo
  • (MS) Miloslav Serba
Artur BartoszArtur Bartosz 

Problem with LAN smb BruteForce

Hi,

We have few PCs in office.
All PCs are connected to the same LAN, Windows 8-10 and latest AVG Internet Seciuryty.
All PCs are scnned.


On one of PCs (192.168.1.200) AVG show warning that another PC in LAN (192.168.1.211) are trying to smb brute force attack - incoming remote desktop connection are blocked:
https://i.imgur.com/xA5K47Y.png

List of all tries: 
https://i.imgur.com/8eea2HN.png

I check 192.168.1.211 and 
- remote access and help turned off
- samba in windows features turned off
- no AVG warnings

Please AVG, could you help us? 

Greetings,
Artur
Midhun AloorMidhun Aloor (Foundever)
Hello Arthur,

We'll certainly look into this and help you.
Could you let us know if you kept receiving the threat pop-ups after disabling the Remote Access Shield?
Also, you can repair your AVG Internet Security once & check if that helps.
Refer to this article to repair your AVG Internet Security.
Thanks in advance. Keep us updated.
Artur BartoszArtur Bartosz
I've never disable it because i worry about this bruteforce attack
I've click "Do not show again" only.

You think, that this smb brute force attack will be repaired when i reinstall AVG?
Midhun AloorMidhun Aloor (Foundever)
We understand your concern, Arthur.

We request you to repair your AVG Internet Security, not reinstall it.
Refer to this article to repair your AVG Internet Security.
If the issue still persists after the repair, kindly disable your Remote Access Shield temporarily & check for the issue.
Thank you for understanding. Keep us updated.
loredano loredaniloredano loredani
Hi,
I have similar problem:
- 1 workstation, 2 node on windows10 64bit.
AVG shows waring of smb brute force attack from one node,
this happens when the node start to comunicate with workstation with Distribute Render plugin.

thanks
loredano loredaniloredano loredani
...i have repaired AVG as from link, but this not solve
Rakshith RajkumarRakshith Rajkumar (AVG)
Hi Loredano,

We will check this for you.
Could you share us the screenshot of the error message?
Refer this article for the steps to capture the screenshot : https://bit.ly/2Y6RCDP
You can post the screenshot here in your topic. Click on 'Answer' & then click on the 'Image' [mountain symbol] & follow the instructions.
loredano loredaniloredano loredani
Hi Rakshith,
i have unistalled AVG temporary and i can't take the screeshot now, when i will reinstall i will send it.

thank you
Balasubramanian SBalasubramanian S (Avast) 
Sure, Loredano.
You can post the screenshot at any time. We are available round the clock.
loredano loredaniloredano loredani
Hi,
this is the screeshot:
the url is the ipv6 address of node who is connecting with the workstataion.

User-added image
AvinashAvinash (Avast) 
Loredano, thank you for sharing the screenshot.
If the connection is trusted, we'd request you to add the IP address of the workstation in AVG Remote access shield settings on node.

Open AVG, click Menu -> Settings -> Full Protection -> Remote access shield.
Scroll down on the right hand side and click 'Add trusted network' and enter the IP address of the Workstation.
loredano loredaniloredano loredani
Thank you Avinash for answer,
the problem for me is IF "the connection is trusted"

Regards
Loredano
 
loredano loredaniloredano loredani
..so the question is: how to check if i am under attack from Remote desktop?
AvinashAvinash (Avast) 
Loredano, however the request is from a PC within same network, if you did not initiate the remote connection, it should not try to connect.
You need not worry as AVG has blocked the remote connection.
loredano loredaniloredano loredani
Hi Avinash,
this is the setting, but the alert persist.
User-added image
Midhun AloorMidhun Aloor (Foundever)
We're sorry to hear that the issue persists, Loredano.

Kindly write back to us in your own/new post, so that we can access your account information & assist you further via email.
Thank you for understanding in advance!
LEN CLARKLEN CLARK
I have the same problem with a home network WITHOUT remote desktop permissions. One laptop repeatedly reports it is under attack from a PC on the network.
 
Rakshith RajkumarRakshith Rajkumar (AVG)
Hi Len,

We will help you in this.
The IP address you see in that pop up message, is it a trusted IP address?
If the connection is trusted, we'd request you to add the IP address of the workstation in AVG Remote access shield settings on node.

Open AVG, click Menu -> Settings -> Full Protection -> Remote access shield.
Scroll down on the right hand side and click 'Add trusted network' and enter the IP address of the Workstation.
Peter HardcastlePeter Hardcastle

I have the same problem. There are two Windows 10 PC's on my network which have shares with a Windows 10 PC. Just one of the Windows 10 PC's connects OK, but the other is blocked, with the same "Incoming connection blocked" pop-up repeatedly appearing. I've tried adding "trusted network" IP addresses as suggested by Rakshith Rajkumar, but without success (maybe a reboot is required?).

The only thing that has stopped the blocking is to turn off "Remote Access Shield" altogether. Not ideal, but at least I can now get access.

Any clues on how to fix this without compromising the "Remote Access Shield"?

 

Dinesh KrishnanDinesh Krishnan (Foundever)
Hi Peter, 

We're glad to look into this & help you.
It isn't recommended to disable Remote access shield. Please restart your computer once after excluding the IP address & check.
If issue persists, please write back to us in your own post to investigate further on this. 
Thank you for your understanding in advance!
Bobby PBobby P
Hey Guys,

I found the bug...

My Issues:

AVG Internet Security blocking allowed, legit LAN connections in remote access shield

Flagged as - SMB: Brute Force Attempt

Disable "Enable Samba protection" in Remote Access Shield to Fix it, it's classifying SMB as Samba...

Let's get on the ball AVG, this is an unacceptable bug!!!
Veeramani SivakumarVeeramani Sivakumar (Sitel)
Hello Bobby, 

We will check and help you to resolve it. Please write back to us from own separate post. So, we can check our records and help you further with it.

Keep us updated. Thank you. 
loredano loredaniloredano loredani
Good morning,
some update about the issue, it persist on my local network

thank you
Veeramani SivakumarVeeramani Sivakumar (Sitel)
Hello Loredano, 

If you connect your device to another PC when you use AVG program, you need to add that PC IP address in alllowed list of AVG Internet Security program. If you did not add in allowed list, AVG will notify about untrusted site. 

Hence, we request you to add other PC IP address to AVG Internet Security by following our previous steps and let us know the status. 

If your PC have any threats or issues, AVG will check and notify you. Thank you. 
Michael AMichael A
I don't have time to add every dynamic IP address PC on the network to this list. Solution: uninstall AVG firewall and use the Windows one instead.
Samuel ManiSamuel Mani (Avast)
Hello Michael,
Thank you for replying.
We are sorry for the trouble caused.
Please update the recent version and check the status.
Thank you and keep us updated.
Ask a question
Struggling with non-AVG technology? We can fix that, too!