ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Configure DLP to monitor Remote Desktop Protocol on endpoints

book

Article ID: 162237

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent Data Loss Prevention Enforce Data Loss Prevention Endpoint Discover

Issue/Introduction

Symantec DLP endpoints are not monitoring or reporting actions over Remote Desktop Protocol (RDP).

Cause

Application monitoring needs to be configured

Resolution

On the Symantec DLP Enforce console, configure the following:

 

  • Navigate to System | Agent | Application Monitoring
    • Click Add Application
    • Under Application Information create a name for your application monitor rule
    • Under Application Information fill out Internal Name and Original Filename with "mstsc\.exe" (no quotation marks)
    • Ensure Application File Access is checked off and set to Read under Application Monitoring Configuration
    • Click Save
  • Add another Application Monitoring rule by repeating the process above but instead specifying "rdpclip\.exe" (no quotation marks)
  • Update your DLP endpoint policy

Attachments

rdpclip.PNG get_app