Enabling an RDP connection is not logged in EDR
Issue/Introduction:
RDP enabling/disabling events are not properly reported by EDR.
Setting fDenyTSConnections to 1 which disables RDP is wrongly reported in "EDR as RDP Enable"
Setting fDenyTSConnections to 0 which enables RDP is not reported at all
Cause:
This issue is caused by how SEP generates these logs
Resolution:
Broadcom is aware about this issue and it will be fixed in future release of SEP