0 Replies Latest reply on Feb 8, 2015 11:12 AM by theglot

    Monitoring RDP via McAfee AV


      Tracking whom and how often RDP is performed by either Users /Admins can be a good matrix to track.  It can also help track down both an attacker or rouge insider.


      In VSE Access Protection Policy, select unwanted Programs:


      Selection User-Defined Rules- New


      Select  "Port Blocking Rule"  -default


      Name the rule something you will understand in the events-  IE RDP-WS

      Processes to include "MSTSC.exe"

      Starting and ending port "3389"

      Direction check both Inbound and Outbound


      Click OK

      Endure you uncheck block and only leave report.  IF YOU LEAVE BLOCK CHECK you will kill RDP and your Sys Admins will call for your head.