Endpoint Protection

 View Only
Expand all | Collapse all

Blocking Remote desktop connection in Symantec endpoint protection

  • 1.  Blocking Remote desktop connection in Symantec endpoint protection

    Posted Mar 23, 2011 08:44 AM

    I want to block all the exe's which remotely connects with the server. Which Settings do i require in configuarations firewalls thorugh which i can block such exe's which would be mainly related to General, Hosts and ports and connection. 

    I would really appreciate if some one would help me out from this problem.



  • 2.  RE: Blocking Remote desktop connection in Symantec endpoint protection



  • 3.  RE: Blocking Remote desktop connection in Symantec endpoint protection
    Best Answer

    Trusted Advisor
    Posted Mar 23, 2011 12:46 PM

    Hello,

    There are few ways for resolving that issue:

    1) Block Remote Administration from NTP -

    Default Firewall Rules - The Deny rules includes blocking IPv6, IPv6 over IPv4, local file sharing, and Remote Administration

    2) Block certain users in Specific Group to access Remote Desktop to specific 1 single server by Following Steps provided below:

     

    • Confirm that Symantec Endpoint Protection is Installed with All features (Antivirus / Antispyware Protection, Proactive Threat Protection and Network Threat Protection) on Symantec Endpoint Protection Manager Server and on Client machine and the Machines have been Restarted after Installation.

     

     

    • Go to the Specific Group to which the Policy is to be applied.
    • Click on Policies TAB, Right click on the Firewall Policy and Click on "Non-Shared to copy."

     

     

    • Edit the Remote Administration Policy. In Service Column, Add  Block TCP 135,  Block TCP and UDP 3389. Set Local port to 3389. Kept Remote Port "Blank". Kept Direction to "Both"

     

    • Add IP Address OR MAC address of 1 client (Machine be Blocked) in the Host Column as Local.

     

    • Enable the Policy and Click on "OK"


  • 4.  RE: Blocking Remote desktop connection in Symantec endpoint protection

    Posted Mar 24, 2011 03:15 AM

    I cant find any Policies TAB on any of the group on which i clicked there are three options on the main screen of my SEP11:-

    1) Antivirus and Antispyware protection

            - Run Active Scan.

            -Change Settings.

            -View logs.

            -View Threat lists.

            -View file system auto protect.

     2) Proactive Threat protection

           -Change Settings.

           -View logs.

           -Disable Proactive threat protection.

    3) Network Threat protections 

          -change Settings

          - View logs 

         - View Applications Settings.

         - View network Activity 

         - Configurations Fire wall Rules (Main)

     

    Which settings should i do in configurations firewall rules in order to block the exes which does'nt allow remote desktop connection?

     

    I would really appreciate if some one would help me out from this problem.

     

     

     



  • 5.  RE: Blocking Remote desktop connection in Symantec endpoint protection

    Posted Mar 24, 2011 06:17 AM

    I just want the configuration firewall rules for blocking the mstsc.exe which blocks the remote desktop connection the firewall rules which wont make us to do remote desktop connection which would be for symantec endpoint protection.

    I would really appreciate if some one would help me out from this problem.



  • 6.  RE: Blocking Remote desktop connection in Symantec endpoint protection

    Trusted Advisor
    Posted Mar 24, 2011 01:47 PM

    Hello,

    Check this Screenshot attached above for your reference.

     



  • 7.  RE: Blocking Remote desktop connection in Symantec endpoint protection

    Posted Mar 25, 2011 07:41 AM

    Thank you so much mithun for your quick response it helped me a lot.



  • 8.  RE: Blocking Remote desktop connection in Symantec endpoint protection

    Posted Mar 28, 2011 05:47 AM
      |   view attached

    Can you help me for one thing i just want to block mstsc.exe through symantec so which step should i take and go through it so that i can block the remote desktop connection. I dont have any options after the 2nd screen shot which you have mentioned above there is no such firewall polices tab been located in my symantec endpoint protection. So will you plz tell me m getting the below screen when i open the network threat protection.



  • 9.  RE: Blocking Remote desktop connection in Symantec endpoint protection

    Posted Mar 28, 2011 06:19 AM

    the options he mentioned can be found in the symantec endpoint protection Manager...(SEPM)

    what you are looking at is the client SEP.

    If you have manager log in to those and check.. 

    open sep,help and support , troubleshooting , do u see the client as SElf Managed?



  • 10.  RE: Blocking Remote desktop connection in Symantec endpoint protection

    Posted Mar 28, 2011 09:13 AM

    There is  server:- Self managed so what to do after it for the blocking of remote desktop connection.



  • 11.  RE: Blocking Remote desktop connection in Symantec endpoint protection

    Trusted Advisor
    Posted Mar 28, 2011 10:08 AM

    Hello,

    The Settings shown on the Screenshot uploaded are in the SEPM.

    Where as the screenshot uploaded by you shows SEP client.

    Are you trying to create rules from SEP client or from SEPM?

    Is that a SEP client set as self managed?



  • 12.  RE: Blocking Remote desktop connection in Symantec endpoint protection

    Posted Mar 30, 2011 01:52 AM

    It is like Server: Self Managed 

    there is no Client: Self Managed.

    Please give some quick response i m running out of time.



  • 13.  RE: Blocking Remote desktop connection in Symantec endpoint protection

    Broadcom Employee
    Posted Mar 30, 2011 02:05 AM

    If the client self managed, convert it to managed by dropping sylink.xml ( from managed client) and apply the rule above by "Mithun Sanghavi "