RDP Defender Not Working on Windows 10 Pro


Poll: Are you experiencing this problem too?

  • Yes - Consistently: 1 vote (50%)
  • Yes - Intermittently: 0 votes
  • No - RDP Defender works as advertised!!!: 1 vote (50%)

Total votes: 2

jmcguirl
Posts: 1
Joined: Thu Sep 08, 2016 2:54 am
Location: Florida USA

RDP Defender Not Working on Windows 10 Pro

Post by jmcguirl » Thu Sep 08, 2016 3:35 am

Background:
I just installed RDP Defender v1.3 with settings of:
  • MAX FAILS 3
  • COUNTER RESET 2 HOURS
  • WHITELISTED IPs: 127.0.0.1 and 333.333.333.333 (fictional public IP)
on Windows 10 Pro 64-bit Version 1511 OS Build 10586.545, at IP 111.111.111.111 (fictional public IP).

EVENTS:
  1. I confirmed the "RDP Defender Service" is running in Services.msc.
  2. I then RDP'd to a different Windows 10 Pro machine in a geographically different location at 222.222.222.222 (fictional public IP not in the whitelist) from IP 333.333.333.333 (fictional public IP THAT IS in the whitelist).
  3. From that machine at 222.222.222.222, I purposely attempted several invalid RDP login attempts to 111.111.111.111, over 10 in all.
  4. The event viewer shows the failed attempts (Event ID 4625).

PROBLEM:
RDP Defender IS NOT blocking attempts (adding 222.222.222.222 to firewall) from 222.222.222.222.
RDP Defender should be blocking 222.222.222.222, right?
Am I missing something? How do I correct this problem?

admin
Site Admin
Posts: 1649
Joined: Wed Sep 05, 2012 6:38 am

Re: RDP Defender Not Working on Windows 10 Pro

Post by admin » Thu Sep 08, 2016 1:17 pm

Hello,

I think there may be a little misunderstanding on how RDP Defender actually works here.

RDP Defender records how many times a failed logon attempt occurs and will create a firewall rule blocking the IP address with too many failed logon attempts.

Now RDP Defender will not work for HTML5 connections: because the connection is initialized by the server itself, the distant IP address will be recorded as 127.0.0.1.

RDP Defender will work fine for connections to the server made by any other method, on the condition that the Windows event logs include the source IP of the remote connection. This is not always the case because it can be set in a GPO; please check the following and set as shown below:

Computer configuration / Windows settings / Security Settings / Local Policies / Security options: "Network security: Restrict NTLM: Incoming NTLM traffic" -- Deny all accounts.
Olivier
TSplus support team administrator
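
As an added illustration (not RDP Defender's code and not part of the original posts), the Python example below shows why a blocker that counts Event ID 4625 records depends on the source IP being present in the event. The event XML is constructed and minimal; treating "-" or an empty IpAddress as "no source recorded" and blocking once the count reaches MAX FAILS are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
MAX_FAILS = 3                                  # setting quoted in the first post
WHITELIST = {"127.0.0.1", "333.333.333.333"}   # fictional IPs from the first post

def event_xml(ip, event_id="4625", user="admin"):
    """Build a constructed, minimal security event (not a real log record)."""
    return (
        '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
        f"<System><EventID>{event_id}</EventID></System><EventData>"
        f'<Data Name="TargetUserName">{user}</Data>'
        f'<Data Name="IpAddress">{ip}</Data>'
        "</EventData></Event>"
    )

def failed_logon_source(xml_text):
    """Return (is_4625, ip); ip is None when the event carries no usable source."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "4625":
        return False, None
    for data in root.iterfind("e:EventData/e:Data", NS):
        if data.get("Name") == "IpAddress":
            value = (data.text or "").strip()
            # Assumption: "-" or empty means Windows did not log the source IP.
            return True, (value if value and value != "-" else None)
    return True, None

def triage(events):
    """Return (IPs at or over MAX_FAILS, count of 4625 events with no source IP)."""
    fails, unattributed = Counter(), 0
    for xml_text in events:
        is_failure, ip = failed_logon_source(xml_text)
        if not is_failure:
            continue                 # ignore everything except failed logons
        if ip is None:
            unattributed += 1        # visible in Event Viewer, but nothing to block
        elif ip not in WHITELIST:
            fails[ip] += 1
    return sorted(ip for ip, n in fails.items() if n >= MAX_FAILS), unattributed

if __name__ == "__main__":
    # Constructed scenario: ten failures logged without a source, then with one.
    print(triage([event_xml("-")] * 10))
    print(triage([event_xml("222.222.222.222")] * 10))
```
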