Author Topic: New feature announcement - Remote Access Shield  (Read 1943 times)

0 Members and 1 Guest are viewing this topic.

Offline Jakub Dubovic

  • Avast team
  • Jr. Member
  • *
  • Posts: 28
New feature announcement - Remote Access Shield
« on: June 24, 2020, 06:27:03 PM »
Remote Desktop Protocol (RDP) is the most dominant cyber security attack vector, being used in 63.5% of disclosed targeted ransomware campaigns in Q1 of 2019.[1] The average downtime related to a ransomware attack is 7.3 days and its average cost is $64,645.[1] Besides spreading malware, RDP attacks are used by skilled hackers to infiltrate corporate environments. RDP is the ultimate infection vector that evades all security layers in most antivirus software and compromises the system directly. During the recent COVID-19 pandemic, the frequency of RDP-based attacks has drastically increased as a result of a large number of employees working from home.[2][3]

The most common ways of gaining access of a computer via RDP are the following:
  • Brute-force attack - the attackers attempt to sign in to an account by using trial-and-error methods. These can include repeatedly trying to log in with commonly used or stolen credentials, leading to many failed sign-ins occurring over very short time frequencies, typically minutes or even seconds.[4]
  • Unpatched OS - the operating system is vulnerable to known Remote Desktop exploits. An example is BlueKeep[5], which allows the attacker to run malicious code in the kernel memory of the server, taking control of the entire system.


We are proud to introduce our solution to the Remote Desktop vulnerabilities - Remote Access Shield.
The shield offers the protection of your business or your personal data with the following features:
  • Choose who can remotely access the protected computer using Remote Desktop, blocking all other connection attempts.
  • Automatically block any brute-force attacks trying to crack the protected computer's credentials.
  • Automatically block connections attempting to use Remote Desktop exploits like BlueKeep to take control of the protected computer.
  • Automatically block Remote Desktop connections from high-risk IP addresses.
  • Get notifications about Remote Desktop connection attempts blocked by Avast.

The Remote Access Shield is available in Avast Premium Security starting with version 20.5 and it will reach Avast Business edition soon.
If you have any questions or suggestions for this new feature, please let us know! We would appreciate all of our beta testers to try the Remote Access Shield out and give us feedback!


[1] https://www.coveware.com/blog/2019/4/15/ransom-amounts-rise-90-in-q1-as-ryuk-ransomware-increases
[2] https://healthitsecurity.com/news/covid-19-remote-work-causes-spike-in-brute-force-rdp-cyberattacks
[3] https://securelist.com/remote-spring-the-rise-of-rdp-bruteforce-attacks/96820
[4] https://www.microsoft.com/security/blog/2019/12/18/data-science-for-cybersecurity-a-probabilistic-time-series-model-for-detecting-rdp-inbound-brute-force-attacks
[5] https://blog.avast.com/what-is-bluekeep

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83548
  • No support PMs thanks
Re: New feature announcement - Remote Access Shield
« Reply #1 on: June 24, 2020, 07:14:09 PM »
How does this impact/benefit anyone with Windows 10 Home version, which doesn't have the Remote Desktop function.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.6.2420 (build 20.6.5495.561) UI-1.0.544/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline Jakub Dubovic

  • Avast team
  • Jr. Member
  • *
  • Posts: 28
Re: New feature announcement - Remote Access Shield
« Reply #2 on: June 25, 2020, 01:45:44 AM »
How does this impact/benefit anyone with Windows 10 Home version, which doesn't have the Remote Desktop function.

If your system doesn't have Remote Desktop enabled (e.g., because it is running Windows 10 Home, or you have disabled it manually), the shield will have no effect at the moment. There might be new supported protocols/methods of access in the future.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 66075
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: New feature announcement - Remote Access Shield
« Reply #3 on: June 25, 2020, 07:43:54 AM »
Hi Jakub, thanks for the details. :)
Win 8.1 [x64] - Avast PremSec 20.7.2421.B#1 [UI.544] - CC 5.70 - EEK - FF ESR 68.11 [NS/AOS/uBO/PB] - TB 68.11 - SB/CP/SL/DU.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83548
  • No support PMs thanks
Re: New feature announcement - Remote Access Shield
« Reply #4 on: June 25, 2020, 10:02:33 AM »
How does this impact/benefit anyone with Windows 10 Home version, which doesn't have the Remote Desktop function.

If your system doesn't have Remote Desktop enabled (e.g., because it is running Windows 10 Home, or you have disabled it manually), the shield will have no effect at the moment. There might be new supported protocols/methods of access in the future.

Thanks for the clarification.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.6.2420 (build 20.6.5495.561) UI-1.0.544/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 66075
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: New feature announcement - Remote Access Shield
« Reply #5 on: June 25, 2020, 12:24:35 PM »
Hi, could you please provide a FAQ article..!? Cheers
Win 8.1 [x64] - Avast PremSec 20.7.2421.B#1 [UI.544] - CC 5.70 - EEK - FF ESR 68.11 [NS/AOS/uBO/PB] - TB 68.11 - SB/CP/SL/DU.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline lukor

  • Moderator
  • Super Poster
  • *
  • Posts: 1877
    • AVAST Software
Re: New feature announcement - Remote Access Shield
« Reply #6 on: June 25, 2020, 10:24:48 PM »
Hi, could you please provide a FAQ article..!? Cheers

Hi Asyn, we don't have many frequently asked questions yet. Mostly only those that were asked here in this very thread. What else would you like to have in FAQ article? Maybe as others start seeing the detections or will start to interact with this new shield, we'll have more questions and answers. ;-) L.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 66075
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: New feature announcement - Remote Access Shield
« Reply #7 on: June 26, 2020, 07:03:42 AM »
Let's put it this way, it would be nice to have a general article in the support section for reference when v20.5 gets released. Cheers
Win 8.1 [x64] - Avast PremSec 20.7.2421.B#1 [UI.544] - CC 5.70 - EEK - FF ESR 68.11 [NS/AOS/uBO/PB] - TB 68.11 - SB/CP/SL/DU.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline mikeyt

  • Newbie
  • *
  • Posts: 1
Re: New feature announcement - Remote Access Shield
« Reply #8 on: August 03, 2020, 08:24:44 AM »
Hi,

This new Remote Access Shield feature seems to break the Remote Web Access in Small Business Essentials 2016. Users get a protocol error when trying to connect. Have made sure that the 'Allow Remote Desktop' setting in AVG is set to enabled but AVG still blocks their connections. Disabling the feature immediately allows the connection to be made again.

Any suggestions?

Thanks,

Mike

Offline Jakub Dubovic

  • Avast team
  • Jr. Member
  • *
  • Posts: 28
Re: New feature announcement - Remote Access Shield
« Reply #9 on: Yesterday at 11:25:30 AM »
Hi,

This new Remote Access Shield feature seems to break the Remote Web Access in Small Business Essentials 2016. Users get a protocol error when trying to connect. Have made sure that the 'Allow Remote Desktop' setting in AVG is set to enabled but AVG still blocks their connections. Disabling the feature immediately allows the connection to be made again.

Any suggestions?

Thanks,

Mike

Hello Mike,

Thank you for reporting the issue.

Could you please help us with the investigation by providing some data?
Please enable debug logging (Menu > Settings > General > Troubleshooting > Enable debug logging).

Reproduce the issue (try to connect with the Remote Access Shield enabled).

Create a support package (https://support.avast.com/en-eu/article/Submit-support-file) and post the ID here.

Thank you very much,
Jakub