Critical System Protection

  • 1.  SCSP IPS - Unblock RDP functionality

    Posted Oct 07, 2012 05:16 AM

    Hello,

    I'm currently working on developing a new IPS policy based on the sym_win_protection_strict_sbp policy and have had the policy applied with prevention disabled to profile known applications. I did not detect anything which would block RDP access once enabled with an error on the agent machine of 'The Local Security Authority could not be contacted'.

    When connecting to the agent machine using RDP a prompt appears for authentication but then the error is received. The strange thing is there is no obvious information in the logs to identify the processes and rule type which is preventing this.

    Can anyone advise?

    Thanks

    Sean.



  • 2.  RE: SCSP IPS - Unblock RDP functionality

    Broadcom Employee
    Posted Oct 07, 2012 07:23 AM

    Check the policy configuration for the strict policy; however, the link is for the sym_win_protection_core_sbp policy. Check if you have selected any host to block.

    http://www.symantec.com/business/support/index?page=content&id=TECH115345



  • 3.  RE: SCSP IPS - Unblock RDP functionality

    Posted Oct 07, 2012 10:36 AM

    Thanks for the reply, Pete; however, these are 5.2.9 policies. I just need confirmation that RDP is allowed with 'out of the box' strict and core policies?



  • 4.  RE: SCSP IPS - Unblock RDP functionality

    Broadcom Employee
    Posted Oct 07, 2012 11:16 AM

    I do not have the 5.2.9 policy; however, earlier versions have inbound allow any and outbound any to any.



  • 5.  RE: SCSP IPS - Unblock RDP functionality

    Posted Oct 07, 2012 01:52 PM

    I've answered my own question using 5.2.9 strict and core. RDP is permitted with the default IPS policies, so it looks like it is something to do with a NetScaler service account.

    Thanks anyway.