0 Replies Latest reply on Feb 8, 2015 11:12 AM by theglot

    Monitoring RDP via McAfee AV

    theglot

      Tracking who performs RDP and how often, whether Users or Admins, can be a good metric to track.  It can also help track down either an attacker or a rogue insider.

       

      In VSE Access Protection Policy, select unwanted Programs:

       

      Select User-Defined Rules - New

       

      Select  "Port Blocking Rule"  -default

       

      Name the rule something you will understand in the events, i.e. RDP-WS

      Processes to include "MSTSC.exe"

      Starting and ending port "3389"

      Direction check both Inbound and Outbound

       

      Click OK

      Ensure you uncheck block and only leave report.  IF YOU LEAVE BLOCK CHECKED you will kill RDP and your Sys Admins will call for your head.
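
Once the report-only rule is generating events, they can be tallied per user to get the "who and how often" view described in the post. The following is an added example, not part of the original post and not McAfee code; the CSV column names, the sample rows and the `max_targets` threshold are assumptions made up for illustration, so map them to whatever your event export actually contains.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample export of Access Protection events (report only).
# The column names are hypothetical, not the product's real schema.
SAMPLE_EVENTS = r"""time,host,user,rule,process,direction,remote
2015-02-02T09:14:03,WS-014,CORP\alice,RDP-WS,MSTSC.exe,outbound,10.0.5.20:3389
2015-02-02T13:40:51,WS-014,CORP\alice,RDP-WS,MSTSC.exe,outbound,10.0.5.20:3389
2015-02-03T08:02:17,WS-014,CORP\Alice,RDP-WS,MSTSC.exe,outbound,10.0.5.21:3389
2015-02-03T10:30:00,WS-022,CORP\bob,RDP-WS,MSTSC.exe,outbound,10.0.5.20:3389
2015-02-03T10:31:12,WS-022,CORP\bob,HTTP-OUT,iexplore.exe,outbound,10.0.9.9:80
2015-02-04T02:11:45,WS-031,CORP\svc-backup,RDP-WS,MSTSC.exe,outbound,10.0.5.20:3389
2015-02-04T02:12:09,WS-031,CORP\svc-backup,RDP-WS,MSTSC.exe,outbound,10.0.5.21:3389
2015-02-04T02:12:40,WS-031,CORP\svc-backup,RDP-WS,MSTSC.exe,outbound,10.0.6.10:3389
2015-02-04T02:13:02,WS-031,CORP\svc-backup,RDP-WS,MSTSC.exe,outbound,10.0.6.11:3389
"""


def summarize_rdp(csv_text, rule_name="RDP-WS"):
    """Count events for the named rule per user and collect each user's targets."""
    per_user = Counter()
    targets = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["rule"] != rule_name:
            continue  # ignore events from other Access Protection rules
        user = row["user"].lower()  # account names are case-insensitive
        per_user[user] += 1
        targets[user].add(row["remote"].rsplit(":", 1)[0])  # drop the port
    return per_user, targets


def unusual_users(per_user, targets, max_targets=2):
    """Users whose RDP sessions fan out to more hosts than the assumed baseline."""
    return sorted(u for u in per_user if len(targets[u]) > max_targets)


if __name__ == "__main__":
    counts, hosts = summarize_rdp(SAMPLE_EVENTS)
    for user, n in counts.most_common():
        print(f"{user:20} events={n} distinct_targets={len(hosts[user])}")
    print("review:", unusual_users(counts, hosts))
```
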