https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Inspection-over-RDP/m-p/87700#M10997 <P>In HTTPS rulebase you can specify which software blade are involved in the inspection. If you want to check files transferred through RDP with AVI blade, that will work.</P> <P>You cannot do local AVI scans through the blade though on the remote RDP machine, if this is what you were looking for. However, if someone is transferring files to it, those files pass AVI scan on the GW<BR /><BR /></P> <P>&nbsp;</P> Tue, 09 Jun 2020 07:12:59 GMT _Val_ 2020-06-09T07:12:59Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Inspection-over-RDP/m-p/87645#M10996 <P>I have successfully enabled https inspection over RDP following&nbsp;<SPAN>sk154752.&nbsp;<BR /><BR /></SPAN></P><P><SPAN>My wondering is what exactly you can “scan” in the RDP traffic?</SPAN></P><P>What I want to do is to scan for Virus when a user plug in a USB drive and transfer files from the client to the TS.&nbsp;<BR /><BR /></P><P>is it possible? Or does that traffic get encapsulated somehow?</P> Mon, 08 Jun 2020 16:37:27 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Inspection-over-RDP/m-p/87645#M10996 Andreas_Ahrnby 2020-06-08T16:37:27Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Inspection-over-RDP/m-p/87700#M10997 <P>In HTTPS rulebase you can specify which software blade are involved in the inspection. If you want to check files transferred through RDP with AVI blade, that will work.</P> <P>You cannot do local AVI scans through the blade though on the remote RDP machine, if this is what you were looking for. However, if someone is transferring files to it, those files pass AVI scan on the GW<BR /><BR /></P> <P>&nbsp;</P> Tue, 09 Jun 2020 07:12:59 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Inspection-over-RDP/m-p/87700#M10997 _Val_ 2020-06-09T07:12:59Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Inspection-over-RDP/m-p/87727#M10998 <P>Thanks for the reply, I have selected the AV blade but still my eicar test files don’t get intercepted.&nbsp;<BR /><BR /></P><P>the client is connected to the RDP server and using usb redirection.&nbsp;<BR /><BR /></P><P>on the RDP server I can see the usb drive with my test files and I can copy them to the desktop on the RDP server.&nbsp;</P> Tue, 09 Jun 2020 12:21:34 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Inspection-over-RDP/m-p/87727#M10998 Andreas_Ahrnby 2020-06-09T12:21:34Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Inspection-over-RDP/m-p/87754#M10999 <P>Seems like a support case, please take it with TAC</P> Tue, 09 Jun 2020 14:06:57 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Inspection-over-RDP/m-p/87754#M10999 _Val_ 2020-06-09T14:06:57Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Inspection-over-RDP/m-p/87755#M11000 <P>Which format are those files?</P> Tue, 09 Jun 2020 14:07:42 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Inspection-over-RDP/m-p/87755#M11000 _Val_ 2020-06-09T14:07:42Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Inspection-over-RDP/m-p/87761#M11001 <P>Eicar standard format, .com and zipped. It works if I just do regular SMB/Cifs transfer but the AV blade don’t stop them inside RDP.&nbsp;</P> Tue, 09 Jun 2020 14:25:48 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Inspection-over-RDP/m-p/87761#M11001 Andreas_Ahrnby 2020-06-09T14:25:48Z