SCSP IPS - Unblock RDP functionality

Created: 07 Oct 2012 | 4 comments
Sean_Moore

Hello,

I'm currently working on developing a new IPS policy based on the sym_win_protection_strict_sbp policy and have had the policy applied with prevention disabled to profile known applications. I did not detect anything which would block RDP access once enabled with an error on the agent machine of 'The Local Security Authority could not be contacted'.

When connecting to the agent machine using RDP, a prompt appears for authentication, but then the error is received. The strange thing is there is no obvious information in the logs to identify the processes and rule type which is preventing this.

Can anyone advise?

Thanks

Sean.

4 Comments

pete_4u2002

Check the policy configuration for the strict policy; however, the link is for the sym_win_protection_core_sbp policy. Check if you have selected any host to block.

http://www.symantec.com/business/support/index?page=content&id=TECH115345

Sean_Moore

Thanks for the reply Pete, however this is 5.2.9 policies. I just need confirmation that RDP is allowed with 'out of the box' strict and core policies?

MCTS,MCSA,ACSA,SCS,STS
SME - SEP/SCSP/MS-BITLOCKER
pete_4u2002

I do not have the 5.2.9 policy; however, earlier versions have inbound allow any and outbound any to any.

Sean_Moore

I've answered my own question using 5.2.9 strict and core. RDP is permitted with the default IPS policies, so it looks like it is something to do with a NetScaler service account.

Thanks anyway.

MCTS,MCSA,ACSA,SCS,STS
SME - SEP/SCSP/MS-BITLOCKER