cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Level 10
Report Inappropriate Content
Message 1 of 6

Control Data over RDP sessions

Jump to solution

Dear guys,

Some of our users are connecting from home to the network through VPN connection and use RDP to access their systems on site. We would like to use DLP to prevent them from copying data to their home desktops. Is there a possible way?

Thank you

#DLP #Data Loss Prevention

2 Solutions

Accepted Solutions
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: Control Data over RDP sessions

Jump to solution

Hi @it1024 ,

Thank you for writing in here.

Yes its possible from DLP end. 

When you take a RDP session of a computer, it generally has rdpclip.exe which is responsible for copy paste operations between host and client pc's where the mstsc is launched from.

So kindly create a Application File Access Protection rule to block classified data transfer from your organization PC's to local personal PC's.

Kindly checkout the below video for the rule and how the block is happening and how the copied contents are nulled out after pasting in your personal PC.

[video]

 

DLP Incident screenshot for the action done by the user,

rdp incident.PNG

 

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thank you.

 

Regards,
Jithendran S
McAfee Employee

View solution in original post

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 6

Re: Control Data over RDP sessions

Jump to solution

Hi @it1024 ,

Fyi - We have written an official KB on the same! 

https://kc.mcafee.com/corporate/index?page=content&id=KB92803 

 

Thank you.

Regards,
Jithendran S
McAfee Employee

View solution in original post

5 Replies
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: Control Data over RDP sessions

Jump to solution

Hi @it1024 ,

Thank you for writing in here.

Yes its possible from DLP end. 

When you take a RDP session of a computer, it generally has rdpclip.exe which is responsible for copy paste operations between host and client pc's where the mstsc is launched from.

So kindly create a Application File Access Protection rule to block classified data transfer from your organization PC's to local personal PC's.

Kindly checkout the below video for the rule and how the block is happening and how the copied contents are nulled out after pasting in your personal PC.

[video]

 

DLP Incident screenshot for the action done by the user,

rdp incident.PNG

 

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thank you.

 

Regards,
Jithendran S
McAfee Employee

View solution in original post

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 6

Re: Control Data over RDP sessions

Jump to solution

Hi @it1024 ,

Fyi - We have written an official KB on the same! 

https://kc.mcafee.com/corporate/index?page=content&id=KB92803 

 

Thank you.

Regards,
Jithendran S
McAfee Employee

View solution in original post

Re: Control Data over RDP sessions

Jump to solution

Hi Jithendran,

File access protention doesn't block the file if its copied over the mapped network drive over RDP. Any solution for that.

 

Thanks

Amar

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 6

Re: Control Data over RDP sessions

Jump to solution

Hi @Amarpreet_Singh ,

Thank you for writing in here. 

I would advise you to create a new post for this, so that our users would be benefited in identifying the issue uniquely. 

Kindly create a new post and kindly explain the steps in detail, if possible with screenshots of the rule which you have created and the action being performed.

 

Thank you.

Regards,
Jithendran S
McAfee Employee

Re: Control Data over RDP sessions

Jump to solution

Hi Jithendran,

We have tried to implement the DLP rule according to your video and the KB article, but it doesn't seem to work. The rule neither blocks the actual file transfer nor reports any incidents to the ePO when a file is copied to/from the remote PC.

Any ideas as to why this doesn't work? Are there any specific requirements? We have tested with DLP 11.3 on both Windows 7 and Windows 10 machines.

Thanks in advance!

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community