Is monitoring of RDP traffic possible?
In short: You can not monitor RDP traffic.
The RDP protocol is a multi-channel protocol that communicates by default via encrypted traffic. This will prevent Symantec DLP from detecting incidents. In addition, communication is not carried out in a traditional way. The actual text communication is sent in such a way that it does not allow Symantec DLP to monitor that traffic.
On the server, RDP uses its own video driver to render display output by constructing the rendering information into network packets by using the RDP protocol and sending them over the network to the client. On the client, RDP receives rendering data and interprets the packets into corresponding Microsoft Win32 graphics device interface (GDI) API calls. For the input path, client mouse and keyboard events are redirected from the client to the server. On the server, RDP uses its own on-screen keyboard and mouse driver to receive these keyboard and mouse events.
For further details, see: