How to block RDP with a firewall rule.
Symantec Endpoint Protection (SEP) clients need to be block RDP access.
Click Add Blank Rule.
Double click Name field and change name appropriately.
Double click Action field and set to Block.
Double click Service field. This will open the Service list.
Click Add button. This will open the Protocol screen.
Set Protocol to TCP.
Set Local Port field to 3389.
Leave Remote Port field blank.
Set Direction to Both.
Click OK on Service List screen.
Modify other fields in the rule as needed.
Move the new rule to the appropriate place in the rule list.