Frequently Asked Questions

SYSMarshal is a comprehensive Windows server security tool designed to detect, block, and prevent cyber attacks in real-time. It protects your servers from various threats including RDP brute-force attacks, SQL injection attempts, DDoS attacks, and unauthorized access by automatically identifying and blocking malicious IP addresses.

SYSMarshal provides protection against multiple attack vectors:

• RDP Brute-Force Attacks: Blocks repeated login attempts on Remote Desktop Protocol
• SQL Injection: Detects and prevents malicious SQL queries
• DDoS Attacks: Identifies and mitigates Distributed Denial of Service attacks
• Unauthorized Access: Monitors and blocks suspicious access attempts
• Port Scanning: Detects reconnaissance activities

SYSMarshal operates through a multi-layered approach:

• Continuously monitors Windows server logs and network traffic
• Analyzes patterns to identify suspicious activities
• Automatically blocks malicious IP addresses in real-time
• Updates firewall rules to prevent future attacks
• Provides detailed alerts and reports for security monitoring

SYSMarshal is ideal for:

• System administrators managing Windows servers
• IT security teams responsible for server protection
• Small to enterprise businesses hosting web applications
• Data centers and hosting providers
• Organizations handling sensitive data
• Companies subject to compliance requirements (HIPAA, PCI-DSS, GDPR)

Minimum Requirements:

• Windows Server 2012 or later (2016, 2019, 2022 supported)
• 2 GB RAM (4 GB recommended)
• 500 MB available disk space
• .NET Framework 4.7.2 or higher
• Administrator privileges for installation

Installation is straightforward:

• Download the SYSMarshal installer from our website
• Run the installer with administrator privileges
• Follow the installation wizard
• Configure initial settings during setup
• The service starts automatically after installation

Complete documentation is provided with detailed step-by-step instructions.

The installation process typically takes 5-10 minutes, depending on your server configuration. SYSMarshal begins protecting your server immediately after installation is complete.

SYSMarshal comes with secure default settings that work for most environments. However, you can customize:

• Thresholds for attack detection
• IP whitelist for trusted sources
• Notification preferences
• Logging verbosity
• Automatic blocking rules

All configurations can be adjusted through the intuitive admin panel.

Yes! SYSMarshal automatically blocks malicious IP addresses in real-time when suspicious activity is detected. You can configure the blocking thresholds and duration. Blocked IPs are added to Windows Firewall rules automatically, preventing further attacks.

Absolutely. SYSMarshal allows you to create a whitelist of trusted IP addresses that will never be blocked, regardless of their activity. This is essential for protecting your own IP addresses, authorized remote administrators, and trusted partners.

SYSMarshal offers comprehensive alerting:

• Email Notifications: Real-time alerts sent to specified email addresses
• Dashboard Alerts: Visual indicators in the admin panel
• Log Files: Detailed records of all security events
• Reports: Scheduled security summary reports

You can customize alert severity levels and notification preferences.

SYSMarshal is designed to be lightweight and efficient. It uses minimal system resources (typically less than 1% CPU and 100MB RAM) and operates in the background without affecting your server's performance or legitimate user connections.

Yes, SYSMarshal provides a comprehensive dashboard where you can:

• View all currently blocked IP addresses
• Review attack history and patterns
• Analyze attack types and frequency
• Export data for compliance reporting
• Manually unblock IPs if needed

Yes, SYSMarshal is designed to complement your existing security infrastructure. It works alongside firewalls, antivirus software, and intrusion detection systems, providing an additional layer of protection specifically focused on real-time threat blocking.

SYSMarshal offers flexible licensing options:

• Single Server License: Perfect for individual servers
• Multi-Server License: Cost-effective for multiple servers
• Enterprise License: Unlimited servers with priority support

All licenses include updates, support, and access to new features.

Yes! We offer a 30-day free trial with full functionality so you can evaluate SYSMarshal in your environment before purchasing. No credit card required for the trial.

We offer a 60-day money-back guarantee. If you're not satisfied with SYSMarshal for any reason, contact us within 60 days of purchase for a full refund.

SYSMarshal uses an annual subscription model. Your license includes one year of updates, support, and all new features. You'll receive renewal reminders before expiration, and renewing ensures continued protection and access to updates.

We provide comprehensive support:

• Email Support: Available for all customers (24-48 hour response)
• Priority Support: Included with Enterprise licenses (4-8 hour response)
• Knowledge Base: Extensive documentation and tutorials
• Video Guides: Step-by-step installation and configuration videos
• Community Forum: Connect with other SYSMarshal users

We release regular updates to enhance security, add features, and address emerging threats. Major updates are released quarterly, with security patches deployed as needed. All updates are included with your active license and can be installed automatically or manually.

Updates can be applied through the admin panel with one click, or you can enable automatic updates to ensure you're always protected with the latest version. The update process is seamless and doesn't require server restart in most cases.

Our support team is here to help! Contact us via email with your configuration questions, and we'll provide guidance tailored to your environment. Enterprise customers have access to priority support with faster response times.

SYSMarshal monitors Windows Event Logs for failed RDP login attempts. When multiple failed attempts are detected from the same IP address within a specified timeframe, the IP is automatically blocked. You can configure the threshold (e.g., 5 failed attempts in 10 minutes).

Yes! With a multi-server or enterprise license, you can deploy SYSMarshal across multiple servers. Each server runs its own instance, but you can manage them centrally through our management console (available with Enterprise licenses).

SYSMarshal operates independently without requiring constant internet connectivity. However, internet access is recommended for:

• License activation and validation
• Downloading updates
• Sending email notifications
• Accessing threat intelligence feeds (optional)

SYSMarshal monitors various Windows logs including:

• Security Event Logs
• System Event Logs
• Application Logs
• IIS Logs (for web server protection)
• SQL Server Logs (for database protection)

Yes, SYSMarshal allows you to export detailed security reports in multiple formats (PDF, CSV, Excel) for compliance, auditing, or analysis purposes. Reports can be generated on-demand or scheduled automatically.

Absolutely! SYSMarshal works on Windows servers regardless of where they're hosted—on-premises, in the cloud (AWS, Azure, Google Cloud), or in hybrid environments.