Hello Kevin
This line of text describes how a Windows system is using the svchost.exe program to run TermService, which allows remote desktop connections on port 3389. Port 3389 is the default port used by Remote Desktop Services. This is a common configuration for enabling remote access to a Windows computer, often used for tasks like remote administration or support.
If you suspect it in any way, it could be a security concern, as unauthorized access to port 3389 could lead to security risks.
It is recommended to ensure that RDS is properly secured by implementing strong passwords, enabling Network Level Authentication (NLA), and restricting access to RDS to only authorized users. Additionally, you may want to consult with your EDR platform provider to see if they have any recommendations for monitoring and securing Remote Desktop Services.
Regards,
Karlie
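
The checks recommended in the reply above, as an added example that is not part of the original post: a read-only PowerShell audit that confirms which service owns the RDP listener, whether NLA is required, who may log on over RDP, and which firewall rules expose the port. It assumes an elevated session on an English-language Windows host (the group names `Remote Desktop` and `Remote Desktop Users` are localized) with the built-in NetTCPIP, NetSecurity and LocalAccounts modules.

```powershell
# Added example: read-only audit of the RDP settings named in the reply above.
# Assumption: elevated PowerShell on the host being checked, English group names.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp = Join-Path $ts 'WinStations\RDP-Tcp'

$deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
$cfg  = Get-ItemProperty -Path $rdp -Name UserAuthentication, SecurityLayer, PortNumber

# Which process listens on the configured RDP port, and which services does it host?
$listeners = Get-NetTCPConnection -State Listen -LocalPort $cfg.PortNumber -ErrorAction SilentlyContinue
$services = foreach ($procId in ($listeners.OwningProcess | Sort-Object -Unique)) {
    Get-CimInstance Win32_Service -Filter "ProcessId = $procId" |
        Select-Object -ExpandProperty Name
}

# Enabled inbound rules in the built-in "Remote Desktop" group and the sources they allow
$fw = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
    ForEach-Object {
        [pscustomobject]@{
            Rule       = $_.DisplayName
            Profile    = $_.Profile
            RemoteAddr = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
        }
    }

[pscustomobject]@{
    RdpEnabled       = ($deny -eq 0)                    # fDenyTSConnections = 0 means RDP is on
    Port             = $cfg.PortNumber                  # 3389 unless it has been changed
    NlaRequired      = ($cfg.UserAuthentication -eq 1)  # 1 = NLA required before a session starts
    SecurityLayer    = $cfg.SecurityLayer               # 0 = RDP, 1 = negotiate, 2 = TLS
    ListeningService = ($services -join ',')            # expect TermService, hosted by svchost.exe
} | Format-List

'Accounts allowed to log on over RDP (in addition to Administrators):'
Get-LocalGroupMember -Group 'Remote Desktop Users' |
    Select-Object Name, ObjectClass, PrincipalSource

'Enabled inbound Remote Desktop firewall rules:'
$fw | Format-Table -AutoSize
```

A `RemoteAddr` of `Any` on a Public or Domain profile rule, or `NlaRequired : False`, are the findings to follow up on first.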