This is a false positive. RDP Wrapper uses API hooking (a technique also used by malware). Add the C:\Program Files\RDP Wrapper folder to your AV exclusion list.
In simple terms, it "wraps" around the original Windows RDP service, intercepting calls and changing their behavior. It does not modify or replace the original system DLL; instead, it loads a custom library ( rdpwrap.dll ) to patch the RDP service in memory. This allows: rdp wrapper dll