To block RDP using a firewall policy, you can edit the existing firewall policy (or a copy of it) or create a new one, then follow the process below.
Open the Firewall Policy in the Symantec Endpoint Protection Manager (SEPM) and, under Windows Settings, click Rules.
- Click Add Blank Rule.
- Double-click the Name field and set a proper name.
- Double-click the Action field and set it to Block.
- Double-click the Service field. This will open the Service list.
- Click the Add button. This will open the Protocol window.
- Set Protocol to TCP.
- Select Remote/Local.
- Set Local Port field to 3389.
- Leave Remote Port field blank.
- Set Direction to Both, then click OK.
- Click OK on the Service List screen.
- Modify other fields in the rule as needed.
- Move the new rule to the appropriate place in the rule list and save the changes.
Note: Test the created policy before applying it to the production environment.
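
One way to carry out the test mentioned in the note, as an added example that is not part of the original article: run this PowerShell from a separate machine against a few pilot clients, once before and once after they receive the policy. The host names and the function name `Test-RdpPortBlocked` are assumptions made for illustration.

```powershell
# Added example: confirm pilot clients no longer accept inbound TCP 3389.
# Run from a separate machine, before and after the policy reaches the clients.
# Host names are constructed placeholders; Test-RdpPortBlocked is a hypothetical helper.
$PilotClients = @('pilot-client-01.example.test', 'pilot-client-02.example.test')
$Port         = 3389   # local port set in the rule
$TimeoutMs    = 3000

function Test-RdpPortBlocked {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($ComputerName, $Port)
        if (-not $task.Wait($TimeoutMs)) {
            return 'NoResponse'   # no reply within the timeout: consistent with a firewall block
        }
        return 'Open'             # handshake completed: the rule is not taking effect
    }
    catch {
        $inner = $_.Exception.GetBaseException()
        if ($inner -is [System.Net.Sockets.SocketException] -and
            $inner.SocketErrorCode -eq [System.Net.Sockets.SocketError]::ConnectionRefused) {
            return 'Refused'      # port closed: RDP may simply be off, so this does not prove the rule
        }
        return "Error: $($inner.Message)"   # e.g. name resolution failure
    }
    finally {
        $client.Close()
    }
}

$results = foreach ($name in $PilotClients) {
    [pscustomobject]@{
        Client = $name
        Port   = $Port
        Result = Test-RdpPortBlocked -ComputerName $name -Port $Port -TimeoutMs $TimeoutMs
    }
}
$results | Format-Table -AutoSize

# Fail the run if any pilot client still completes a connection on 3389.
if ($results | Where-Object { $_.Result -eq 'Open' }) { exit 1 }
```

An offline host also returns `NoResponse`, so confirm each pilot client is reachable by another means, and compare against the pre-policy run where RDP-enabled clients should report `Open`.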