How to Block RDP Using Symantec Critical System Protection (SCSP) 5.2

Article:TECH115345  |  Created: 2009-01-28  |  Updated: 2009-01-18  |  Article URL http://www.symantec.com/docs/TECH115345
Article Type
Technical Solution


Issue



Which Policy do I use and how do I configure it?

Symptoms
Can't block RDP



Solution



This article refers to the policy "sym_win_protection_core_sbp v5.2.0 r386".

The global rules in the policy are processed after the "Local" and "Group" rules. RDP (Remote Desktop Protocol, port 3389) is handled by the ServiceOptions/Core OS Service Options/Terminal Services (termsrv_ps) options. From there, go to Advanced Options/Network Controls/Inbound/Components/inbound hosts list/termsrv inbound address list (see illustration below).
Under the termsrv inbound address list is an "ANY" hosts component, followed by the Global inbound hosts component.




This "ANY" component allows connections from any host to be accepted. Remove the "ANY" hosts component. Connections are then restricted to only the hosts allowed in the global inbound address list component.
If you need to lock it down further, remove the global incoming hosts list from the terminal services incoming hosts list and add just the addresses that are to be allowed.
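
To confirm the change took effect, the following check can be run once from a host that is on the inbound address list and once from a host that is not. It is an added example, not part of the original article or of SCSP; the script name check_rdp.py and the function names are hypothetical, and it assumes a host that is not allowed sees the connection refused or timed out.

```python
"""Added example: confirm the termsrv inbound host restriction from a client."""
import socket
import sys

RDP_PORT = 3389  # RDP port named in the article


def probe_tcp(host, port=RDP_PORT, timeout=3.0):
    """Attempt one TCP connection; return 'open', 'refused', 'timeout' or 'error'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError:
        # Name resolution failure, no route, and similar: nothing was tested.
        return "error"


def verdict(state, client_should_be_allowed):
    """Compare the observed state with what the inbound host list should permit."""
    if state == "error":
        return "INCONCLUSIVE: could not test (name resolution or routing problem)"
    reachable = state == "open"
    if reachable == client_should_be_allowed:
        return "PASS"
    if reachable:
        # Assumption: the most likely cause is the one the article describes.
        return "FAIL: unlisted host can still reach RDP (is ANY still present?)"
    return "FAIL: listed host cannot reach RDP (check the inbound address list)"


if __name__ == "__main__":
    # Usage: python check_rdp.py <server> <allowed|blocked>
    if len(sys.argv) != 3 or sys.argv[2] not in ("allowed", "blocked"):
        sys.exit("usage: check_rdp.py <server> <allowed|blocked>")
    server, expectation = sys.argv[1], sys.argv[2]
    state = probe_tcp(server)
    result = verdict(state, expectation == "allowed")
    print(f"{server}:{RDP_PORT} -> {state}: {result}")
    sys.exit(0 if result == "PASS" else 1)
```

A PASS from both the listed and the unlisted host indicates that the "ANY" component is no longer admitting connections.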


References
Policy: sym_win_protection_core_sbp v5.2.0 r386





Legacy ID



2009012809251653

