SCSP IPS - Unblock RDP functionality
Created: 07 Oct 2012 | 4 comments
Hello,
I'm currently working on developing a new IPS policy based in the sym_win_protection_strict_sbp policy and have had the policy applied with prevention disabled to profile known applications. I did not detect anything which would block RDP access once enabled with an error on the agent machine of 'The Local Security Authority could not be contacted'.
When connecting to the agent machine using RDP a prompt appears for authentication but then the error is received. The strange thing is there is no obvious information in the logs to identify the processes and rule type which is preventing this.
Can anyone advise?
Thanks
Sean.
Discussion Filed Under:
Comments 4 Comments • Jump to latest comment
check the policy confoiguration for strict policy however the link is for sym_win_protection_core_sbp policy, check if you have selected any host to block.
http://www.symantec.com/business/support/index?page=content&id=TECH115345
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Thanks for the reply Pete, however this is 5.2.9 policies. I just need confirmation that RDP is allowed with 'out of the box' strict and core policies?
i do not have 5.2.9 policy , however earlier versions have inbound allow any and outbound any to any.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Ive answered my own question using 5.2.9 strict and core. RDP is permitted with the default IPS policies so it looks like it is something to do with a netscaler service acount.
Thanks anyway.
Would you like to reply?
Login or Register to post your comment.