i have installed PRTG demo version in my VM merchine last friday. after testing i shutdown the program and kill the process in the windows Task Manager. today, when i came back to my office, my security app detect PRTG still working and keep scan my network devices port 3389. it seams like a virus attack. i worried about my remain device security, so i uninstall PRTG.
would you please kindly explain why PRTG keep to scan all other device port 3389 in the LAN. i have check some information in the internet, it work like RDP sensor function, however i have never testing and active this sensor in PRTG.
Article Comments
Thanks. is there any entry for me to set up the default active action? Since we may have lots of important host in the same subnet, unknown scaning action in the network may brought us confusion about the security issue. It will be much appreciated PRTG can do just what I ask.
Any material is welcome. Thank you. Hope to hear you back.
Jan, 2017 - Permalink
In order to stop PRTGs scanning activity, simply delete the group "Network Discovery" in PRTGs webinterface. This will stop it from discovering your network. Then you can start creating it manually.
Jan, 2017 - Permalink
When initially installed, PRTG does indeed do a scan of your network, the so called Smart Setup. It first pings all devices in the same subnet and does a portscan on all "important" ports that users probably want to monitor, including 3389, which is the port for the Remote Desktop Protocol.
However, if both PRTG services (PRTG Core Server Service and PRTG Probe Service), there should've been no scans. Is there a timestamp of when the scan occurred? Long story short, it's nothing to worry about ;)
Jan, 2017 - Permalink