SCSP IPS - Unblock RDP functionality
I'm currently working on developing a new IPS policy based in the sym_win_protection_strict_sbp policy and have had the policy applied with prevention disabled to profile known applications. I did not detect anything which would block RDP access once enabled with an error on the agent machine of 'The Local Security Authority could not be contacted'.
When connecting to the agent machine using RDP a prompt appears for authentication but then the error is received. The strange thing is there is no obvious information in the logs to identify the processes and rule type which is preventing this.
Can anyone advise?