ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Configure DLP to monitor Remote Desktop Protocol on endpoints
book
Article ID: 162237
calendar_today
Updated On:
Products
Data Loss Prevention Endpoint PreventData Loss Prevention EnforceData Loss Prevention Endpoint Discover
Issue/Introduction
Symantec DLP endpoints are not monitoring or reporting actions over Remote Desktop Protocol (RDP).
Cause
Application monitoring needs to be configured
Resolution
On the Symantec DLP Enforce console, configure the following:
Navigate to System | Agent | Application Monitoring
Click Add Application
Under Application Information create a name for your application monitor rule
Under Application Information fill out Internal Name and Original Filename with "mstsc\.exe" (no quotation marks)
Ensure Application File Access is checked off and set to Read under Application Monitoring Configuration
Click Save
Add another Application Monitoring rule by repeating the process above but instead specifying "rdpclip\.exe" (no quotation marks)