Complete RDP Protection Features
Discover how BruteFence protects your Windows server from automated attacks in real-time.
Continuous Server Monitoring
Like a security guard - monitors 24/7 for any malicious login attempts on your machine
BruteFence continuously monitors the Windows Security Event Log (Event ID 4625) for every failed RDP login attempt. With real-time processing, it instantly detects attack patterns and automatically responds before attackers can succeed.
Automatic Attack Protection
If someone tries two wrong passwords, the program automatically blocks them - permanently or temporarily, as you configure
When an IP address reaches the configured threshold (default 2 failed attempts), BruteFence automatically creates a Windows Firewall block rule. Choose between permanent or time-based blocking (1 hour, 24 hours, or forever).
Never Lock Yourself Out
Configure the locations from which you typically connect - these will never be blocked by the program
The whitelist feature allows you to exclude trusted IP addresses or entire network ranges (in CIDR format) from monitoring. Whitelisted IPs are never blocked, even if they reach a threshold - perfect for specifying office IPs, VPN servers, or known locations.
You Control the Rules
Configure how many wrong password attempts trigger a block, and how long the block should last
Full control over protection behavior: set the threshold (2-20 failed attempts), choose block duration (1 hour, 24 hours, forever), and configure the time window in which attempts count. Different settings for different scenarios - strict for single-user machines or lenient for multi-user servers.
Works in Your Language
The program is fully available in Hungarian, English, and German
BruteFence's complete graphical interface (GUI), settings panels, documentation, and support are available in three languages: Hungarian, English, and German. No restart required.
Always Up-to-Date
Automatically downloads and installs updates to keep you always safe
The built-in automatic updater checks daily for new versions over a secure HTTPS channel. When a new version is available, you'll receive a notification and can update with a single click. Updates are signed with SHA256 hashes for integrity verification. Choose between automatic downloads or manual updates.
Technical Overview
How Real-Time Monitoring Works
When a failed RDP login occurs (Event ID 4625), the service receives immediate notification, parses the source IP address, and updates internal counters. If an IP reaches the threshold, it instantly creates a firewall rule - typically within 100-500ms of the last failed attempt.
Windows Firewall Integration
Block rules use native Windows Defender Firewall commands (NetSecurity PowerShell module / COM interop). Each rule is prefixed with "BruteFence-Block-" for easy identification. Rules persist in the firewall even if the service restarts or stops - ensuring continuous protection. All firewall operations are performed with Administrator privileges for security and reliability.
Performance and Resource Usage
BruteFence has minimal resource requirements: ~30-50MB RAM (steady-state), <1% CPU (idle), 5-10% CPU (during active attack processing). The .NET 8.0 runtime ensures efficient execution and low memory footprint.
Ready to Set Up Protection?
Try BruteFence free for 7 days - no credit card required.