1 of 1 people found this helpful
I do not recommend you using this method to block remote session tools, because the agent blocks the filename, not the application signature, so lets say that you are blocking VNC.EXE on your rule, if the user changes the name of the filename to CNV.EXE, he is going to open it, you are gonna need couple of methods to accomplish this...
Thanks.Any suggestion on how we can achieve this.I have been looking into the PUP list for Remote desktop programs.But the list is not comprehensive.
Mcafee should be able to provide the pup list of admin tools via a support call eg RemAdm-DWRC is dameware
scratch that ISWYM
do you use the ASE module? you may get a better list of remote tools used in PUP from that as it aknowledges a lot more stuff that held in the DATS but not reported on with basic VSE.
You can use HIPS to block known remote desktop ports.
If you are using active directory, you can block application signatures.