By default, the HTML5 service is the watched process.
If you wish to disable its monitoring or check connections on other processes, go to the Settings > Advanced tab.
Then add ports to watch.
In many cases, the "faulty" connection was a RDP one ( port :3389 ) as not an HTML5 connection.
You can add port 3389 from your Advanced Security settings : 
There are two firewalls supported by TSAS:
- Windows firewall (default)
- the firewall integrated into TSplus Advanced Security
The firewall used is indicated in the advanced settings:
https://docs.terminalserviceplus.com/advanced-security/advanced-firewall
What is the firewall listed?
We recommend that you check that the firewall used is actually blocking the address: the integrated firewall is based on the list of blocked IP addresses.
The logs will indicate a possible error when starting the service.
Windows firewall uses a rule named "TSplus Advanced Security - Homeland Access Protection- Block 94.232.47.130"
To check the existence of the rule in the Windows firewall, you must either run the following command:
netsh advfirewall firewall show rule name = "TSplus Advanced Security - Homeland - Block 94.232.47.130"
You can also export of rules in txt format from windows firewall:
Also check:
- Windows Firewall may be disabled by a GPO if the computer is joined to an Active Directory domain.
- The customer may have disabled Windows Firewall in favor of a third-party firewall.
In these two cases, you must then activate the firewall integrated into TSAS from the advanced settings.
We also recommend retrieving the memory dump:
1) Right click on "My Computer" and go to properties
2) Click on "Advanced system settings"
3) Click on "Settings" under the menu "Startup and Recovery", and select "Complete memory dump" (if option available. If not, then click on "Kernel memory dump"
Then, next time, the file %systemroot%\MEMORY.DMP will be created.