Hello,
There are a few ways to resolve that issue:
1) Block Remote Administration from NTP -
Default Firewall Rules - The Deny rules include blocking IPv6, IPv6 over IPv4, local file sharing, and Remote Administration
2) Block certain users in a specific group from accessing Remote Desktop on one specific server by following the steps below:
- Confirm that Symantec Endpoint Protection is Installed with All features (Antivirus / Antispyware Protection, Proactive Threat Protection and Network Threat Protection) on Symantec Endpoint Protection Manager Server and on Client machine and the Machines have been Restarted after Installation.
- Go to the Specific Group to which the Policy is to be applied.
- Click on Policies TAB, Right click on the Firewall Policy and Click on "Non-Shared to copy."
- Edit the Remote Administration Policy. In the Service column, add Block TCP 135, Block TCP and UDP 3389. Set Local port to 3389. Keep Remote Port blank. Keep Direction set to "Both".
- Add the IP address or MAC address of 1 client (the machine to be blocked) in the Host column as Local.
- Enable the Policy and Click on "OK"
Reference: https://www-secure.symantec.com/connect/forums/blocking-remote-desktop-connection-symantec-endpoint-protection
Here are the articles that explain more about the default firewall rules in SEP 12.1:
About firewall rules
http://www.symantec.com/docs/HOWTO55261
Default Symantec Endpoint Protection 12.1 RU1 Firewall Policy explanation
http://www.symantec.com/docs/TECH180569
Hope that helps!!
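
A way to check the result of the steps in option 2, as an added example that is not part of the original post or Symantec's documentation: a PowerShell script, run from a machine that should no longer reach Remote Desktop, that tests whether TCP 135 and TCP 3389 on the protected machine still accept connections. The hostname is a placeholder and the function name is hypothetical.

```powershell
# Added example: verify that the firewall rule blocks TCP 135 and TCP 3389.
# $Server is a placeholder (assumption); use the machine the rule was applied to.
param(
    [string]$Server    = 'server01.example.local',
    [int[]] $Ports     = @(135, 3389),
    [int]   $TimeoutMs = 3000
)

# Hypothetical helper: attempt a TCP connection with a timeout and report the outcome.
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs)

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            # A silently dropped packet (typical for a firewall block) ends here.
            return 'No connection (timeout)'
        }
        $client.EndConnect($async)   # throws if the connection was refused
        return 'OPEN'
    }
    catch {
        return 'No connection (refused, unreachable or name not resolved)'
    }
    finally {
        $client.Close()
    }
}

$results = foreach ($port in $Ports) {
    [pscustomobject]@{
        Server = $Server
        Port   = $port
        State  = Test-TcpPort -ComputerName $Server -Port $port -TimeoutMs $TimeoutMs
    }
}
$results | Format-Table -AutoSize

# UDP 3389 is not tested: a connect test cannot confirm that UDP is blocked.
if ($results.State -contains 'OPEN') {
    Write-Warning 'At least one port still accepts connections; check that the policy reached the client.'
    exit 1
}
```

Run it before and after the policy is applied: a port that changes from OPEN to a timeout shows the rule is in effect on that machine.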