Enabling an RDP connection is not logged in EDR

book

calendar_today

Endpoint Detection and Response

RDP enabling/disabling events are not properly reported by EDR.

Setting fDenyTSConnections to 1 which disables RDP is wrongly reported in "EDR as RDP Enable"

Setting fDenyTSConnections to 0 which enables RDP is not reported at all

This issue is caused by how SEP generates these logs

Broadcom is aware about this issue and it will be fixed in future release of SEP