Closing the entry door for RDP-based attacks (ransomware)
Remote Desktop Protocol (RDP) is currently, by a wide margin, the most common attack vector used by threat actors to gain access to Windows computers and install ransomware and other malware.
RDP was designed to enable remote access for technicians to resolve software issues. However, if not properly secured through VPNs or other means, RDP functions as an open invitation to attackers – especially on business servers that are online 24/7.
Emsisoft protection software now monitors the status of the RDP service in real time. If it detects multiple failed login attempts, it will trigger an alert on the Management Console for administrators. They can then decide whether to disable the RDP service on the affected device.
In addition, the single-device dashboard also shows the status of the RDP service on each device.
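The check described above, repeated failed RDP logins raising an alert, can be illustrated over Windows Security log records (Event ID 4625). This is an added example, not Emsisoft's code: the threshold, time window, event dictionary layout and function names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed values for illustration; the page does not state the product's thresholds.
THRESHOLD = 5                    # failed logons ...
WINDOW = timedelta(minutes=2)    # ... within this span, per source address
# Event ID 4625 = failed logon. LogonType 10 is RemoteInteractive (RDP); with
# Network Level Authentication, failed RDP logons are recorded as type 3.
RDP_LOGON_TYPES = {3, 10}
NO_REMOTE_SOURCE = {"", "-", "127.0.0.1", "::1"}

def detect_rdp_bruteforce(events, threshold=THRESHOLD, window=WINDOW):
    """Return {source_ip: time of first alert} for sources reaching the threshold."""
    recent = defaultdict(deque)  # source_ip -> failure timestamps inside the window
    alerts = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["event_id"] != 4625 or ev["logon_type"] not in RDP_LOGON_TYPES:
            continue
        ip = ev["ip"]
        if ip in NO_REMOTE_SOURCE:
            continue
        q = recent[ip]
        q.append(ev["time"])
        while q[0] < ev["time"] - window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and ip not in alerts:
            alerts[ip] = ev["time"]
    return alerts

def make_event(offset_s, ip, event_id=4625, logon_type=3):
    """Build one constructed event record (hypothetical layout)."""
    base = datetime(2020, 7, 1, 3, 0, 0)
    return {"time": base + timedelta(seconds=offset_s), "event_id": event_id,
            "logon_type": logon_type, "ip": ip}

# Constructed sample events using documentation-range addresses, not real logs.
SAMPLE_EVENTS = (
    [make_event(i * 10, "203.0.113.50") for i in range(6)]      # burst of failures
    + [make_event(i * 600, "198.51.100.7", logon_type=10) for i in range(6)]  # occasional failures
    + [make_event(5, "203.0.113.50", event_id=4624)]            # successful logon, ignored
    + [make_event(i, "192.0.2.9", logon_type=2) for i in range(8)]  # non-RDP logon type, ignored
)

if __name__ == "__main__":
    for ip, when in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(f"ALERT {when.isoformat()} repeated failed RDP logons from {ip}")
```

Counting both logon types matters because a filter on type 10 alone misses failed attempts against hosts that have Network Level Authentication enabled.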
New notifications sidebar
We’ve added a new notification feature to Emsisoft Management Console, which improves daily workflow and efficiency for security admins. It highlights all events that require an urgent response, such as newly found threats, partially disabled security components or missing software updates.
New fully customizable workspaces and devices lists
One of the features frequently requested by our customers was the ability to select custom columns with device properties on the Management Console workspace dashboard. You can now choose from more than 25 available metadata columns. This allows you to optimize your daily workflow without missing any important security-relevant information.
All 2020.7 improvements in a nutshell
Emsisoft Anti-Malware
- New RDP attack alerts.
- Several minor tweaks and fixes.
MyEmsisoft/Management Console
- New RDP attack alerts.
- New notifications sidebar.
- New fully customizable workspaces and devices lists.
- Improved 2FA settings.
- Several minor tweaks and fixes.
How to obtain the new version
As always, so long as you have auto-updates enabled in the software, you will receive the latest version automatically during your regularly scheduled updates, which are hourly by default.
Note to Enterprise users: If you have chosen to receive “Delayed” updates in the Update settings for your clients, they will receive the new software version no earlier than 30 days after the regular “Stable” availability. This gives you time to perform internal compatibility tests before a new version gets rolled out to your clients automatically.
Have a great and well-protected day!