Configure DLP to monitor Remote Desktop Protocol on endpoints

Article ID: 162237

Products

Data Loss Prevention Endpoint Prevent, Data Loss Prevention Enforce, Data Loss Prevention Endpoint Discover

Issue/Introduction

Symantec DLP endpoints are not monitoring or reporting actions over Remote Desktop Protocol (RDP).

Cause

Application monitoring needs to be configured.

Resolution

On the Symantec DLP Enforce console, configure the following:

Navigate to System > Agent > Global Application Monitoring

    1. Click Add Application.
    2. Under Application Information, create a name for your application monitor rule.
    3. Under Application Information, fill out Internal Name and Original Filename with the following: mstsc\.exe
    4. Under Application Monitoring Configuration, ensure Application File Access is checked and set to Read.
    5. Click Save.

Add another Application Monitoring rule by repeating the process above, but specify the rdpclip application instead: rdpclip\.exe

An example of a completed form can be found below. Your Application Monitoring Configuration may differ based on your needs.

To ensure the Endpoint Agent has the latest configuration, reboot the Endpoint to force a check-in with the Endpoint Server. If the Endpoint machine is off-network, connect to VPN first to download the latest config before performing any testing.

Attachments

rdpclip.PNG